 |
BOOK: ASP.NET Website Programming Problem-Design-Solution
 | This is the forum to discuss the Wrox book ASP.NET Website Programming: Problem - Design - Solution, Visual Basic .NET Edition by Marco Bellinaso, Kevin Hoffman; ISBN: 9780764543869 |
|
Welcome to the p2p.wrox.com Forums.
You are currently viewing the BOOK: ASP.NET Website Programming Problem-Design-Solution section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
|
|
|
|
|
October 1st, 2005, 04:10 AM
|
|
Registered User
|
|
Join Date: Aug 2004
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Module News Problem
With split field "body" on database. I had submit a news with html tab, your web site view not true.
Example:
1. Database
....
<tr>
<td>
This example split
</td>
</tr>
....
And split 500 character
2. Web
.....
<tr>
<td>
<tr>
<td>
This example split
</td>
</tr>
I want format data get from database when view on the web.
Problem and help me. Thanks
|
|
October 1st, 2005, 04:30 AM
|
 |
Wrox Author
|
|
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
|
|
I have no idea what you're talking about, so I'm afraid you'll need to clarify your question before I can give you an answer.
This forum is for the book "ASP.NET Website Programming Prob-Design-Solution". Is your question related to that book? If not, you're better off posting in a more appropriate forum like one of the HTML or ASP / ASP.NET forums.
Cheers,
Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
|
|
October 3rd, 2005, 05:02 AM
|
|
Registered User
|
|
Join Date: Aug 2004
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
I have develop module news on this book. But when split field "Body" to "abstract" field on database and body include tag html so when view news to html throw error above.
Please help me :(
|
|
October 3rd, 2005, 06:42 AM
|
|
Wrox Author
|
|
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
|
|
What error? I don't see any error info you posted....
Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
|
|
October 3rd, 2005, 09:57 PM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 917
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Maybe you have trouble storing HTML tags in database fields?
You should look at HTTPUtility.HTMLEncode, and maybe HTTPUtility.HttpEncode.
It might be best to encode the text as base64 so it will always work correctly in a database field, and then decode it before showing it to the user.
|
|
October 4th, 2005, 01:10 AM
|
|
Wrox Author
|
|
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
|
|
Right, or maybe you should set ValidateRequest:
<%@ Page ValidateRequest="False"
The title of the following article is misleading, but it describes the working of ValidateRequest: http://support.microsoft.com/default...b;en-us;821343
Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
|
|
May 12th, 2006, 08:20 AM
|
|
Friend of Wrox
|
|
Join Date: Mar 2006
Posts: 310
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
i'm having the same problem in forums - PostTopic or PostReply.
Let's see...
if some user write:
"today I programmed<yesterday"
like he wants to say :
"today I programmed less than yesterday"
he will get a error in the page:
Code:
A potentially dangerous Request.Form value was detected from the client (Message=""
I'm thinking:
If i put
Code:
validateRequest="false"
(only in this page (postmessage.aspx))
and
Code:
subject = HttpUtility.HtmlEncode(Subject.Text)
text = HttpUtility.HtmlEncode(Message.Text)
key = HttpUtility.HtmlEncode(Key.Text)
Do i still have problem's with security??
The subject, text and key are the only "textbox" in this page.
Thanks
|
|
May 14th, 2006, 09:04 PM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 917
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
That would be fine, assuming you store the safe version in the DB. You don't want raw HTML to be sent to a web page from inside a message.
To test it, just enter this text into a message and save it, and then view the message. The alert dialog must not be displayed. It it does get displayed, then you have a problem.
Change all square brackets to angle brackets before you type it in:
[script]alert("you have a problem")[/script]
Eric
|
|
May 15th, 2006, 06:35 PM
|
|
Friend of Wrox
|
|
Join Date: Mar 2006
Posts: 310
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
thanks eric,
but, what's the problem with square brackets ?
like this:
Code:
<script>alert("you have a problem")</script>
if i replace < for [
i will see:
"today I programmed [ yesterday"
so... why can't i just replace < for < ?
Thanks
|
|
May 16th, 2006, 09:41 PM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 917
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Take look at the code to see what he's doing in that page. Normally you can make that substitution. I don't know of anything in ASP.NET that would translate < as a square bracket.
The forums in the second edition use a Rich text editor (one of the free ones), and the code is generally simpler.
Eri
|
|
|
