[thelist] [Server-side Security] stopping script / html injection

Volkan Özçelik volkan.ozcelik at gmail.com
Tue Jul 24 04:13:20 CDT 2007


For those who live in M$ World,
.net framework has generic HTMLEncode methods (classic ASP has a similar
method, I'm sure php, jsp etc. have their own encoding custom object as
well.)

Here is a quick and dirty method (not tested)

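// needs: using System.Text; and a reference to System.Web
public static String ToEscapedHTML(String value)
{
    // encode everything first so any markup in the input is rendered as text
    StringBuilder buf = new StringBuilder(
        System.Web.HttpUtility.HtmlEncode(value)
    );

    // you may or may not need those -- for line break conversion
    buf.Replace("&lt;br /&gt;", "<br />");

    return buf.ToString();
}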

HTH,
-- 
Volkan Ozcelik
+> linkibol.com - in seek for quality links : http://www.linkibol.com/
+> Going solo in Turkish: http://www.fikribol.com/donkisot/
+> My projects/studies/trials/errors : http://www.sarmal.com/
+> Sardalya JavaScript Library: http://www.sarmal.com/sardalya/
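
The encode-then-restore approach from the post above, as an added example that is not part of the original message: everything is encoded first, and only exact, attribute-free line-break tags are turned back into markup. The class name `SafeHtml`, the `AllowedTags` list and the sample inputs are assumptions made for this example, and `System.Net.WebUtility.HtmlEncode` is swapped in for `System.Web.HttpUtility.HtmlEncode` so it runs as a plain console program.

```csharp
using System;
using System.Net;

public static class SafeHtml
{
    // Assumed policy for this example: only these exact, attribute-free
    // tags are restored after encoding. Anything else stays encoded.
    private static readonly string[] AllowedTags = { "<br />", "<br/>", "<br>" };

    public static string ToEscapedHtml(string value)
    {
        if (string.IsNullOrEmpty(value)) return string.Empty;

        // Step 1: encode the whole input, so <, >, &, " and ' become entities.
        string encoded = WebUtility.HtmlEncode(value);

        // Step 2: restore only the encoded form of each allowed tag.
        // A tag carrying attributes does not match any of these strings.
        foreach (string tag in AllowedTags)
        {
            encoded = encoded.Replace(WebUtility.HtmlEncode(tag), tag);
        }
        return encoded;
    }

    public static void Main()
    {
        // Constructed sample inputs, not taken from the original post.
        string[] samples =
        {
            "line one<br />line two",              // plain line break: restored
            "<script>alert(1)</script>",           // script tag: stays encoded
            "<br onmouseover=\"x()\" />",          // break with attribute: stays encoded
            "typed literally: &lt;br /&gt;"        // '&' is re-encoded, so not restored
        };

        foreach (string s in samples)
        {
            Console.WriteLine("{0}\n  -> {1}", s, ToEscapedHtml(s));
        }
    }
}
```

The order matters: restoring tags before encoding, or matching them with a loose pattern that tolerates attributes, would let markup through that the encoder was meant to neutralise.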