
List of reserved HTML characters?

Status
Not open for further replies.

tcstom

Programmer
Aug 22, 2003
235
GB
I have an application that occasionally errors on postback because a user has included reserved HTML characters in one of the many forms. I don't want to set Page.ValidateRequest to false in this case because security of this system is important, so for now I just want to provide users with a list of characters to avoid. Can someone list these for me, or is it just < and > ?
 
Do you mean these:


Perhaps it would be better to just encode the form values before building your URL if that is the case, and let users enter whatever they want?

Hope this helps,

Alex

----signature below----
Majority rule don't work in mental institutions

My Crummy Web Page
 
Eventually I'll encode any submitted HTML but I just don't have time now so I just want to warn users about characters that'll cause the request validation to fail. Thanks for the list, Alex. At a glance I'm guessing only the < and > characters will actually create a request validation exception. Anyone know if I'm right?
 
Just to clarify, applying Server.UrlEncode replaces certain characters with URL-friendly equivalents (as per Alex's link above), so < is replaced with %3C. This should be used when passing text in a query string (and note that the values are decoded automatically when parsing that query string). On the other hand, Server.HtmlEncode should be used when handling form submissions safely because it replaces HTML-specific characters with their XML entity equivalents (so in this case < is replaced with &lt;). It is these characters that often cause the ASP.NET request validation to fail and I was originally asking for a list of the specific characters that would cause this (i.e. not a list of the URL-friendly ones). Does anyone have such a list?
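The two encoders contrasted in the post above, shown together as an added example that is not part of the original thread: building a link from user input needs URL encoding for the query-string value and HTML encoding for the attribute and the visible text. It uses System.Net.WebUtility in place of Server.UrlEncode / Server.HtmlEncode so it runs as a console program; BuildSearchLink, search.aspx and the q parameter are hypothetical names, and the inputs are constructed.

```csharp
using System;
using System.Net;

// Added example: BuildSearchLink, search.aspx and "q" are hypothetical names.
static class EncodingDemo
{
    // Builds <a href="search.aspx?q=...">label</a> from untrusted input.
    static string BuildSearchLink(string userInput)
    {
        // 1. URL context: the value is one query-string parameter, so
        //    characters such as '&', '=', '<' and spaces are escaped.
        string url = "search.aspx?q=" + WebUtility.UrlEncode(userInput);

        // 2. HTML attribute context: the finished URL is HTML-encoded so
        //    nothing in it can close the attribute or start a tag.
        string href = WebUtility.HtmlEncode(url);

        // 3. HTML text context: the visible label is HTML-encoded only.
        string label = WebUtility.HtmlEncode(userInput);

        return "<a href=\"" + href + "\">" + label + "</a>";
    }

    static void Main()
    {
        // Constructed sample inputs.
        string[] samples = { "<b>bold</b>", "fish & chips", "a=1&b=\"2\"", "plain text" };

        foreach (string s in samples)
        {
            Console.WriteLine("input : " + s);
            Console.WriteLine("url   : " + WebUtility.UrlEncode(s));
            Console.WriteLine("html  : " + WebUtility.HtmlEncode(s));
            Console.WriteLine("link  : " + BuildSearchLink(s));

            // Decoding the query-string form gives back the original text,
            // which is why the receiving page sees the raw characters again.
            string roundTrip = WebUtility.UrlDecode(WebUtility.UrlEncode(s));
            Console.WriteLine("decoded equals input: " + (roundTrip == s));
            Console.WriteLine();
        }
    }
}
```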
 
Thanks, but I only want to know which ones will cause the request validation to fail. For example, the symbol & is represented by the HTML entity &amp; but submitting & in a textbox will not cause the request validation to fail.
 
You will have to read the specific documentation for whichever DOCTYPE you have chosen as I guess the list of values will change depending on which one you have chosen.


-------------------------------------------------------

Mark,
http://aspnetlibrary.com
http://mdssolutions.co.uk - Delivering professional ASP.NET solutions
http://weblogs.asp.net/marksmith
 