Wrox Programmer Forums
|
BOOK: ASP.NET Website Programming Problem-Design-Solution
This is the forum to discuss the Wrox book ASP.NET Website Programming: Problem - Design - Solution, Visual Basic .NET Edition by Marco Bellinaso, Kevin Hoffman; ISBN: 9780764543869
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: ASP.NET Website Programming Problem-Design-Solution section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old October 1st, 2005, 04:10 AM
Registered User
 
Join Date: Aug 2004
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default Module News Problem

With split field "body" on database. I had submit a news with html tab, your web site view not true.

Example:

1. Database
....
<tr>
 <td>
        This example split
 </td>
</tr>
....
And split 500 character
2. Web
.....
<tr>
 <td>
        <tr>
         <td>
          This example split
 </td>
</tr>

I want format data get from database when view on the web.
Problem and help me. Thanks

 
Old October 1st, 2005, 04:30 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

I have no idea what you're talking about, so I'm afraid you'll need to clarify your question before I can give you an answer.

This forum is for the book "ASP.NET Website Programming Prob-Design-Solution". Is your question related to that book? If not, you're better off posting in a more appropriate forum like one of the HTML or ASP / ASP.NET forums.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
 
Old October 3rd, 2005, 05:02 AM
Registered User
 
Join Date: Aug 2004
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I have develop module news on this book. But when split field "Body" to "abstract" field on database and body include tag html so when view news to html throw error above.

Please help me :(

 
Old October 3rd, 2005, 06:42 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

What error? I don't see any error info you posted....

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
 
Old October 3rd, 2005, 09:57 PM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 917
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Maybe you have trouble storing HTML tags in database fields?

You should look at HTTPUtility.HTMLEncode, and maybe HTTPUtility.HttpEncode.

It might be best to encode the text as base64 so it will always work correctly in a database field, and then decode it before showing it to the user.
 
Old October 4th, 2005, 01:10 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

Right, or maybe you should set ValidateRequest:

<%@ Page ValidateRequest="False"

The title of the following article is misleading, but it describes the working of ValidateRequest: http://support.microsoft.com/default...b;en-us;821343

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
 
Old May 12th, 2006, 08:20 AM
Friend of Wrox
 
Join Date: Mar 2006
Posts: 310
Thanks: 0
Thanked 0 Times in 0 Posts
Default

i'm having the same problem in forums - PostTopic or PostReply.

Let's see...

if some user write:

"today I programmed<yesterday"
like he wants to say :
"today I programmed less than yesterday"

he will get a error in the page:

Code:
A potentially dangerous Request.Form value was detected from the client (Message=""
I'm thinking:
If i put
Code:
validateRequest="false"
(only in this page (postmessage.aspx))

and
Code:
subject = HttpUtility.HtmlEncode(Subject.Text)
text = HttpUtility.HtmlEncode(Message.Text)
key = HttpUtility.HtmlEncode(Key.Text)
Do i still have problem's with security??

The subject, text and key are the only "textbox" in this page.

Thanks
 
Old May 14th, 2006, 09:04 PM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 917
Thanks: 0
Thanked 0 Times in 0 Posts
Default

That would be fine, assuming you store the safe version in the DB. You don't want raw HTML to be sent to a web page from inside a message.

To test it, just enter this text into a message and save it, and then view the message. The alert dialog must not be displayed. It it does get displayed, then you have a problem.

Change all square brackets to angle brackets before you type it in:

[script]alert("you have a problem")[/script]

Eric
 
Old May 15th, 2006, 06:35 PM
Friend of Wrox
 
Join Date: Mar 2006
Posts: 310
Thanks: 0
Thanked 0 Times in 0 Posts
Default

thanks eric,

but, what's the problem with square brackets ?

like this:
Code:
&lt;script&gt;alert(&quot;you have a problem&quot;)&lt;/script&gt;
if i replace < for [

i will see:

"today I programmed [ yesterday"

so... why can't i just replace < for &lt; ?

Thanks
 
Old May 16th, 2006, 09:41 PM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 917
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Take look at the code to see what he's doing in that page. Normally you can make that substitution. I don't know of anything in ASP.NET that would translate &lt; as a square bracket.

The forums in the second edition use a Rich text editor (one of the free ones), and the code is generally simpler.

Eri





Similar Threads
Thread Thread Starter Forum Replies Last Post
Separating news from the articles and add news pic Isaak BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 1 December 12th, 2006 11:25 AM
news module - adding new categories andieje BOOK: ASP.NET Website Programming Problem-Design-Solution 3 June 30th, 2006 07:55 PM
News Module/storing html in databases groupmatch BOOK: ASP.NET Website Programming Problem-Design-Solution 8 September 21st, 2004 06:54 AM
problem with News Ticker Application benito BOOK: ASP.NET Website Programming Problem-Design-Solution 2 September 1st, 2004 03:22 AM
News.aspx problem motor1 BOOK: ASP.NET Website Programming Problem-Design-Solution 1 December 15th, 2003 10:58 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.