[thelist] [Server-side Security] stopping script / html injection
Volkan Özçelik
volkan.ozcelik at gmail.com
Tue Jul 24 04:13:20 CDT 2007
For those who live in M$ World,
.net framework has generic HTMLEncode methods (classic ASP has a similar
method, I'm sure php, jsp etc. have their own encoding custom object as
well.)
Here is a quick and dirty method (not tested)
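public static String ToEscapedHTML(String value)
{
    // Needs System.Text (StringBuilder) and a reference to System.Web.
    StringBuilder buf = new StringBuilder(
        System.Web.HttpUtility.HtmlEncode(value)
    );
    //you may or may not need those -- for line break conversion
    // HtmlEncode turns <br /> into &lt;br /&gt;; turn it back into a real tag.
    buf.Replace("&lt;br /&gt;", "<br />");
    return buf.ToString();
}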
HTH,
--
Volkan Ozcelik
+> linkibol.com - in seek for quality links : http://www.linkibol.com/
+> Going solo in Turkish: http://www.fikribol.com/donkisot/
+> My projects/studies/trials/errors : http://www.sarmal.com/
+> Sardalya JavaScript Library: http://www.sarmal.com/sardalya/
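An added example, not part of the original post: the encode-then-restore approach from the message as a small console program, extended to convert typed newlines as well. The class name, method name and sample inputs are constructed for illustration.

```csharp
using System;
using System.Text;
using System.Web;

public static class CommentEncoder
{
    // Hypothetical helper: encode first, then re-allow line breaks only.
    public static string ToSafeHtml(string value)
    {
        if (string.IsNullOrEmpty(value)) return string.Empty;

        // 1. Neutralise all markup: <, >, & and quotes become entities.
        var buf = new StringBuilder(HttpUtility.HtmlEncode(value));

        // 2. Restore only the exact encoded form of a bare <br />.
        //    A <br> carrying attributes does not match and stays as text.
        buf.Replace("&lt;br /&gt;", "<br />");

        // 3. Turn typed newlines into breaks. This must come after step 1,
        //    otherwise the encoder would escape the tags inserted here.
        buf.Replace("\r\n", "\n").Replace("\n", "<br />");
        return buf.ToString();
    }

    public static void Main()
    {
        // Constructed inputs for illustration.
        string[] samples =
        {
            "first line<br />second line",
            "typed\nnewline",
            "<script>alert(1)</script>",
            "<br onmouseover=\"x()\" />",
            "&lt;br /&gt; typed as text",
        };
        foreach (string s in samples)
        {
            Console.WriteLine("in : " + s.Replace("\n", "\\n"));
            Console.WriteLine("out: " + ToSafeHtml(s));
        }
    }
}
```

The result is safe to place in HTML element content only; values written into attributes, URLs or script blocks need the encoder for that context.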