I have a textarea and I am using CKEditor to allow users to enter data and click upload. This will save the HTML of this data to a MySQL database table to display on a separate web page.
What do I need to worry about in terms of what people are posting? Do I need to add any validation on the front end or back end to ensure that they are not posting dangerous scripts, etc.?
What is the easiest way to validate that what is being posted is fine to store and put back to the client to display later?
No, you shouldn't worry about this. As long as you use parametrized queries to store data, to avoid SQL injection, a relational database doesn't care much about what kind of text you are throwing at it.
Problems might arise when you try to display this data back on a web page. It is at this moment that you should ensure that it is properly HTML encoded.
For Razor:
For WebForms (ASP.NET 4.0):
For WebForms (prior to ASP.NET 4.0):
Or for all of the above:
Parametrized queries to store data (only if you are using a relational database) and HTML encoding to display it back.
You might also find the following blog post about the Microsoft Anti-XSS library useful.
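The store-then-encode pattern the answer describes, as an added example that is not part of the answer: it is written in Python, with an in-memory SQLite table standing in for the MySQL table and `html.escape` standing in for the ASP.NET encoders mentioned above (all assumptions for illustration).

```python
import html
import sqlite3

# Constructed sample of what a CKEditor user might submit: a quote that would
# break a concatenated SQL string, plus markup that must not be interpreted
# when the text is displayed back.
SUBMITTED_HTML = (
    "<p>It's 5 o'clock</p>"
    '<script>alert("x")</script>'
    '<img src=x onerror="alert(1)">'
)


def open_store():
    """In-memory SQLite stands in for the MySQL table (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)")
    return conn


def save_post(conn, body):
    """Store the editor output exactly as submitted, via a parametrized query.

    The value is bound as a parameter, so quotes or comment markers inside it
    cannot alter the SQL statement. Nothing is encoded here: the database only
    stores text, and the original stays intact for later editing.
    """
    cur = conn.execute("INSERT INTO posts (body) VALUES (?)", (body,))
    conn.commit()
    return cur.lastrowid


def render_post(conn, post_id):
    """Fetch the stored text and HTML-encode it at display time.

    html.escape plays the role of Server.HtmlEncode / <%: %> / Razor's @ in
    the answer: '<', '>', '&' and quotes become entities, so the browser shows
    the markup as literal text instead of executing it.
    """
    row = conn.execute("SELECT body FROM posts WHERE id = ?", (post_id,)).fetchone()
    return html.escape(row[0], quote=True)


def demo():
    """Return (what was stored, what would be sent to the browser)."""
    conn = open_store()
    post_id = save_post(conn, SUBMITTED_HTML)
    stored = conn.execute("SELECT body FROM posts WHERE id = ?", (post_id,)).fetchone()[0]
    return stored, render_post(conn, post_id)


if __name__ == "__main__":
    stored, rendered = demo()
    print("stored  :", stored)
    print("rendered:", rendered)
```

Encoding makes the submitted markup appear as literal text, which is why it belongs at output time rather than at save time; if the page must instead render the rich text as HTML, encoding alone is not the right tool and an allowlist sanitizer is needed, which is outside what this answer covers.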