Greetings friends,
I am developing a web application that will allow the customer to enter a personalized message, which will then be converted to HTML. Well, the problem is that I cannot allow the insertion of JavaScript code. So I need a method that filters the text, searching for it and removing it. I think regular expressions could solve my problem, but I'm having difficulty building them. Could any of you friends help me, or has anyone already developed something like this?
Thank you.
You don't need to worry about what the customer enters and what is saved into the database. You need to worry about what you are showing in the View. All you need is to HTML-encode the message before displaying it:
or using the new ASP.NET 4.0 code nugget:
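The view-side snippets referred to above are not reproduced here, so the following is an added example, not code from the original answer, that shows the same point in plain C#: store the message verbatim and encode it at the moment it is written into the page. It uses `System.Net.WebUtility.HtmlEncode`, which exists in .NET Framework 4.0 and later; the `RenderUnsafe`/`RenderSafe` helpers and the sample message are constructed for illustration. One caveat: encoding turns every tag the customer typed into visible text, so if the feature is meant to let customers apply formatting, the usual defender's alternative is to accept a restricted markup (for example, an allow-listed subset converted server-side) rather than to try to strip scripts from raw HTML with regular expressions.

```csharp
// Added example, not part of the original answer.
// Demonstrates output encoding as the XSS defence for customer messages.
using System;
using System.Net;

static class MessageRendering
{
    // The "before": raw concatenation. Whatever the customer typed becomes
    // live markup in the page, so a <script> element would execute.
    // Shown only to contrast with RenderSafe; never do this in a View.
    public static string RenderUnsafe(string storedMessage)
    {
        return "<div class=\"customer-message\">" + storedMessage + "</div>";
    }

    // The "after": the stored text is HTML-encoded at output time.
    // '<', '>', '&', '"' and '\'' are replaced by entities, so the browser
    // displays the characters instead of interpreting them as markup.
    public static string RenderSafe(string storedMessage)
    {
        return "<div class=\"customer-message\">"
             + WebUtility.HtmlEncode(storedMessage)
             + "</div>";
    }

    // Simple check a code reviewer or unit test can apply: a rendered
    // fragment must not contain any raw tag that came from user input.
    public static bool ContainsRawUserTag(string renderedHtml, string userInput)
    {
        // The wrapper <div> is ours; only look for tags that originated
        // in the customer's text.
        int start = userInput.IndexOf('<');
        while (start >= 0)
        {
            int end = userInput.IndexOf('>', start);
            if (end < 0) break;
            string tag = userInput.Substring(start, end - start + 1);
            if (renderedHtml.Contains(tag)) return true;
            start = userInput.IndexOf('<', end);
        }
        return false;
    }

    static void Main()
    {
        // Constructed sample input resembling a hostile customer message.
        string stored = "Hello <b>friends</b>, <script>alert('xss')</script>";

        string unsafeHtml = RenderUnsafe(stored);
        string safeHtml = RenderSafe(stored);

        Console.WriteLine("Unencoded view:");
        Console.WriteLine(unsafeHtml);
        Console.WriteLine("Raw user tag present: " + ContainsRawUserTag(unsafeHtml, stored));

        Console.WriteLine();
        Console.WriteLine("Encoded view:");
        Console.WriteLine(safeHtml);
        Console.WriteLine("Raw user tag present: " + ContainsRawUserTag(safeHtml, stored));
    }
}
```

Because the database keeps the original text, the same stored message can later be rendered into a different context (a JSON API, an e-mail, a log line) with the encoder appropriate to that context; stripping on input would lose that flexibility and would still leave any encoding mistake in the View exploitable.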