Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Does anyone know of a RegularExpression Validator or website thats stops script and html tags being used in TextBoxes and TextAreas
Updated:
public static string RegexReplace(string strin, string strExp, string strReplace)
{
return Regex.Replace(strin, strExp, strReplace);
}
public static string RemoveHTML(string strText)
{
return RegexReplace(strText, "<[^>]*>", string.Empty);
}
You’re not going to prevent a user from inputting data in an input. You “could” use javascript, but then the user “could” disable javascript and do what they want.
You need to sanitize on the server side AFTER the user submits the data.
Check out the Microsoft AntiXSS Library, and even MarkDownSharp can do this (even if you’re not actually using Markdown). Alternatively there’s always the HtmlAgilityPack to parse HTML for you.
HtmlAgilityPack
MarkDownSharp
AntiXss
Do not, I repeat DO NOT parse html with regular expressions!!!!