Asp.net user disinfection
Does asp.net have a built-in mechanism that can deactivate all input in a textbox instead of being redirected to an error page?
I have a textbox input where the user can enter a name, but if they try to login while <> tags, the page will automatically throw an error. I just want to handle this error in a user-friendly way.
source to share
You can use the ASP.NET RegularExpressionValidator control with a pattern like:^[^<>]*$
<asp:RegularExpressionValidator ID="rev" runat="server"
ControlToValidate="txtBox"
ErrorMessage="The <> tags are not allowed!"
ValidationExpression="[^<>]*" />
<asp:RequiredFieldValidator ID="rfv" runat="server" ControlToValidate="txtBox"
ErrorMessage="Value can't be empty" />
RequiredFieldValidator is used in conjunction with RegularExpressionValidator to prevent empty entries. If this text field is optional and only needs to be validated when something is entered, then you don't need to use RequiredFieldValidator.
The advantage of this method is that the error can be handled gracefully and the user can be notified on the same page.
However, if you need to do this for many text fields and you just want to present something nicer than the error page, you can handle the ValidateRequest error to provide a friendlier message and keep the user on the same page (rather than just replacing this with a custom error page). For more information, see the Kirk Evans post: Handling ValidateRequest Errors on the page (see Overriding the OnError Method).
source to share
ASP.net has validation controls
[ http: //msdn.microsoft.com/en-us/library/7kh55542.aspx] [[1 ]
There is also the Mark Down Editor , which is a control that removes html tags, etc.
source to share
Read this step by step: http://yourtahir.wordpress.com/2008/03/28/aspnet-not-allow-html-in-text-boxserver-error-in-application-a-potentialy-dangerous-requestform- value-was-detected /
You need to do some web.config work.
source to share