I want to restrict malicious HTML entered by a user, but the user should still be allowed to use the greater than (>) or less than (<) symbols.
Is it safe to just disallow the following two strings?
"/>" and "</"
Can any malicious HTML be executed without closing tags?
Some more info: this is ASP.NET MVC, the user enters some text in a textbox, the text is stored in the database and then it is displayed on the page.
This situation can also be handled by escaping the input your user has entered when it is displayed on the user interface. This will cause all user input to be displayed as text on the UI. In this case tags would not be rendered in the browser for user input.
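
An added example, not part of the original question or answer: it runs the two-string filter proposed in the question and the output escaping described in the answer over the same constructed inputs, so the two can be compared. The class and method names and the sample strings are assumptions made for illustration.

```csharp
using System;
using System.Net;

static class OutputEncodingDemo
{
    // The filter proposed in the question: reject input containing "/>" or "</".
    static bool PassesBlacklist(string input) =>
        !input.Contains("/>") && !input.Contains("</");

    // The approach from the answer: store the text as entered and
    // HTML-encode it at the point where it is written into the page.
    static string EncodeForHtml(string input) => WebUtility.HtmlEncode(input);

    static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            "if a < b and b > c then a < c",   // legitimate use of < and >
            "<img src=x onerror=alert(1)>",    // markup that needs no closing tag
            "<b>bold</b>"                      // markup with a closing tag
        };

        foreach (string s in samples)
        {
            Console.WriteLine($"input:   {s}");
            Console.WriteLine($"filter:  {(PassesBlacklist(s) ? "accepted" : "rejected")}");
            Console.WriteLine($"encoded: {EncodeForHtml(s)}");
            Console.WriteLine();
        }
        // The filter accepts the first two inputs and rejects only the third,
        // so markup without a closing tag gets through it.
        // After encoding, every '<' becomes "&lt;" and every '>' becomes "&gt;",
        // so the browser shows all three inputs as plain text and the
        // legitimate comparison operators are still displayed correctly.
    }
}
```

In a Razor view, `@Model.Comment` (a hypothetical property name) applies this encoding automatically; the encoding is lost only if the value is written with `Html.Raw`.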