HtmlEncode for all controls

  • jaja

    HtmlEncode for all controls

    Hello all,
    I am familiar with the HtmlEncode Server method.

    I also read this : http://msdn2.microsoft.com/en-us/lib...kt(VS.80).aspx

    My question is: If I want to encode all inputs from user, can I apply
    this encoding for all "Input" fields on my site in a single action.

    Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc.

    Many thanks.
  • Bob Barrows [MVP]

    #2
    Re: HtmlEncode for all controls

    jaja wrote:
    > Hello all,
    > I am familiar with the HtmlEncode Server method.
    >
    > I also read this :
    >
    > My question is: If I want to encode all inputs from user, can I apply
    > this encoding for all "Input" fields on my site in a single action.
    >
    > Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc.

    No.
    Actually you want to use HtmlEncode when writing data to Response, not
    when reading data from a user

    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.



    • jaja

      #3
      Re: HtmlEncode for all controls

      > No.
      > Actually you want to use HtmlEncode when writing data to Response, not
      > when reading data from a user
      >
      > --
      > Microsoft MVP -- ASP/ASP.NET
      > Please reply to the newsgroup. The email account listed in my From
      > header is my spam trap, so I don't check it very often. You will get a
      > quicker response by posting to the newsgroup.

      Thanks for the prompt reply.
      I am new to web development.
      It may be that I didn't make myself clear.

      For example, I have the following html_encode1.asp file:

      ------------------------------------------------------
      <%@ language="vbscript"%>
      <html>
      <body>
      <form action="html_encode1.asp" method="post">
      <input type="text" name="txtbox">
      <textarea name="txtarea" width=50 height=30></textarea>
      <input type="submit" value="Submit" />
      </form>

      <%
      ' Read the posted textarea value and encode it before echoing it back.
      dim fname
      fname=Request.Form("txtarea")
      fname = Server.HTMLEncode(fname)
      If fname<>"" Then
          Response.Write("Hello " & fname & "!<br />")
          Response.Write("How are you today?")
      End If
      %>
      </body>
      </html>
      ------------------------------------------------------

      Please disregard the content. It is not the issue.
      As you can see I have here 2 input controls: A TextBox and a TextArea.
      On both I need to operate the HtmlEncode for security purposes.
      Now suppose I have 100 controls per page and 100 pages (I am
      exaggerating of course, but just for theory purposes).
      Should I now activate HtmlEncode for each one of the controls per each
      one of the pages?

      Thanks again.


      • Bob Barrows [MVP]

        #4
        Re: HtmlEncode for all controls

        jaja wrote:
        >> No.
        >> Actually you want to use HtmlEncode when writing data to Response,
        >> not when reading data from a user
        >
        > Thanks for the prompt reply.
        > I am new to web development.
        > It may be that I didn't make myself clear.

        No, I totally understood your question, and my answer still stands.
        You're not "activating HtmlEncode": You are calling a method called
        HTMLEncode that is contained in the Server object. That method replaces
        certain characters in the string provided via the argument with the HTML
        codes for those characters and returns the resulting string to the
        calling procedure.

        There is no shortcut here, except for eliminating one unnecessary line
        of code. All you really need is:

        fname=Request.Form("txtarea")
        If fname<>"" Then
            Response.Write("Hello " & _
                Server.HTMLEncode(fname) & "!<br />")
            Response.Write("How are you today?")
        End If

        Again, the only place you need to use the method is when you are
        actually writing the value to response. There is no value, security or
        otherwise, to using it anywhere else.

        --
        Microsoft MVP -- ASP/ASP.NET
        Please reply to the newsgroup. The email account listed in my From
        header is my spam trap, so I don't check it very often. You will get a
        quicker response by posting to the newsgroup.



        • jaja

          #5
          Re: HtmlEncode for all controls

          Ok, Thank you Bob.


          • Bob Barrows [MVP]

            #6
            Re: HtmlEncode for all controls

            jaja wrote:
            > Hello all,
            > I am familiar with the HtmlEncode Server method.
            >
            > I also read this :
            >
            > My question is: If I want to encode all inputs from user, can I apply
            > this encoding for all "Input" fields on my site in a single action.
            >
            > Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc.
            >
            > Many thanks.

            --
            Microsoft MVP -- ASP/ASP.NET
            Please reply to the newsgroup. The email account listed in my From
            header is my spam trap, so I don't check it very often. You will get a
            quicker response by posting to the newsgroup.



            • Bob Barrows [MVP]

              #7
              Re: HtmlEncode for all controls

              jaja wrote:
              > Hello all,
              > I am familiar with the HtmlEncode Server method.
              >
              > I also read this :
              >
              > My question is: If I want to encode all inputs from user, can I apply
              > this encoding for all "Input" fields on my site in a single action.
              >
              > Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc.

              Actually, you could write your own function and include it via SSI in
              all your pages:

              ProcedureLibrary.asp
              <%
              ' Writes sData to the response, HTML-encoding it when bEncode is True.
              Sub WriteToResponse(sData, bEncode)
                  If bEncode Then
                      Response.Write Server.HTMLEncode(sData)
                  Else
                      Response.Write sData
                  End If
              End Sub
              %>

              Then in your html_encode1.asp page:

              <!--#include file="procedureLibrary.asp"-->
              <%
              dim fname
              fname=Request.Form("txtarea")
              If fname<>"" Then
                  WriteToResponse "Hello " & fname, true
                  WriteToResponse "!<br />",false
                  WriteToResponse "How are you today?", false
              End If
              %>

              --
              Microsoft MVP -- ASP/ASP.NET
              Please reply to the newsgroup. The email account listed in my From
              header is my spam trap, so I don't check it very often. You will get a
              quicker response by posting to the newsgroup.
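
Added example, not part of the thread or any poster's code: the form from post #3 with both fields echoed back, illustrating the replies above (encode where the value is written to the response, through one shared helper). The helper name `H` and the field loop are assumptions made for illustration; the file and field names are the ones used in the thread.

```asp
<%@ language="vbscript" %>
<%
Option Explicit

' H is a hypothetical helper name (not from the thread). It encodes at the
' point of output; & "" turns Null/Empty into "" before Server.HTMLEncode.
Function H(vData)
    H = Server.HTMLEncode(vData & "")
End Function
%>
<html>
<body>
<form action="html_encode1.asp" method="post">
<!-- Attribute sink: keep the value in double quotes. Server.HTMLEncode
     escapes the double quote but not the apostrophe. -->
<input type="text" name="txtbox" value="<%= H(Request.Form("txtbox")) %>">
<!-- Element-content sink -->
<textarea name="txtarea" cols="50" rows="5"><%= H(Request.Form("txtarea")) %></textarea>
<input type="submit" value="Submit">
</form>
<%
' Every posted field is written the same way, however many controls the
' form has. Field names come from the client too, so they are encoded as well.
Dim sKey
For Each sKey In Request.Form
    Response.Write H(sKey) & " = " & H(Request.Form(sKey)) & "<br />"
Next
%>
</body>
</html>
```

The raw values stay untouched in `Request.Form`, so the same data can still be validated, stored or written to a non-HTML destination without carrying HTML entities.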



              • jaja

                #8
                Re: HtmlEncode for all controls

                On 9 April, 18:02, "Bob Barrows [MVP]" <reb01...@NOyahoo.SPAMcom>
                wrote:
                > jaja wrote:
                >> Hello all,
                >> I am familiar with the HtmlEncode Server method.
                >>
                >> My question is: If I want to encode all inputs from user, can I apply
                >> this encoding for all "Input" fields on my site in a single action.
                >>
                >> Something like Input.HtmlEncodeAll() or HtmlEncodeAllInputs() etc.
                >
                > Actually, you could write your own function and include it via SSI in
                > all your pages:
                >
                > ProcedureLibrary.asp
                > <%
                > Sub WriteToResponse(sData, bEncode)
                > If bEncode Then
                >     Response.Write Server.HTMLEncode(sData)
                > Else
                >     Response.Write sData
                > End If
                > End Sub
                > %>
                >
                > Then in your html_encode1.asp page:
                >
                > <!--#include file="procedureLibrary.asp"-->
                > <%
                > dim fname
                > fname=Request.Form("txtarea")
                > If fname<>"" Then
                >       WriteToResponse "Hello " & fname, true
                >       WriteToResponse "!<br />",false
                >       WriteToResponse "How are you today?", false
                > End If
                > %>
                >
                > --
                > Microsoft MVP -- ASP/ASP.NET
                > Please reply to the newsgroup. The email account listed in my From
                > header is my spam trap, so I don't check it very often. You will get a
                > quicker response by posting to the newsgroup.

                Thank you Bob for the nice tip.
                I would have hoped there will be maybe a Server object property which
                I will be able to set and it will do the work, but apparently there
                isn't.
                Thanks, again!
