Hi all,
I need your suggestions/ideas on this. When we started the project, the client said that they wanted
to accept potentially dangerous HTML tags (like img, script, link, etc.) in a textbox, and we save the textbox value into the database.
Now the client wants to allow these tags, but wants to save these values in encoded form (to avoid XSS).
Now, I just wanted to know whether there is any way in ASP.NET to replace the behavior of all the existing textboxes with a new SafeTextbox with minimal changes (I don't want to add HtmlEncode or HtmlDecode to each textbox).
For example:
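    using System.Web;                 // HttpUtility
    using System.Web.UI.WebControls;  // TextBox

    public class NewTextBox : TextBox
    {
        public override string Text
        {
            // Reading Text returns the HTML-decoded form of the stored value.
            get { return HttpUtility.HtmlDecode(base.Text); }
            // Assigning Text stores the HTML-encoded form of the value.
            set { base.Text = HttpUtility.HtmlEncode(value); }
        }
    }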
At runtime, ProjectTextBox is replaced with NewTextBox.
You could look into TagMapping in ASP.NET.
http://msdn.microsoft.com/en-us/library/ms164641(v=vs.100).aspx
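
What the tagMapping suggestion looks like in web.config, as an added example that is not part of the original posts: every `<asp:TextBox>` parsed from markup is compiled as the derived control, so pages need no per-control edits. The namespace `MyApp.Controls` and assembly name `MyApp` are assumptions, as is the premise that existing pages use the stock `System.Web.UI.WebControls.TextBox`.

```xml
<configuration>
  <system.web>
    <pages>
      <tagMapping>
        <!-- tagType: the control type as declared in existing .aspx/.ascx markup.
             mappedTagType: the replacement type; it must derive from tagType.
             "MyApp.Controls.NewTextBox, MyApp" is a hypothetical type/assembly name. -->
        <add tagType="System.Web.UI.WebControls.TextBox"
             mappedTagType="MyApp.Controls.NewTextBox, MyApp" />
      </tagMapping>
    </pages>
  </system.web>
</configuration>
```

The mapping applies only to controls declared in markup; a textbox created in code-behind with `new TextBox()` is not remapped and keeps the original behavior.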