Code Simplified – Viral Sarvaiya


Request Validation – Preventing Script Attacks – Not Allowed HTML Tags in Textbox

Posted by Viral Sarvaiya on August 20, 2010

By default, ASP.NET prevents the application from processing unencoded HTML content submitted to the server (that is, the page has ValidateRequest="true", which helps us prevent script attacks).

This request validation feature can be disabled when the application has been designed to safely process HTML data. Whenever you work with DotNetNuke, this feature is disabled by default.

Now the question that comes to mind is how to prevent script attacks in such cases.

One solution is to stop the submission of input that contains such scripts, or in other words HTML tags, so that we can prevent script attacks.

Here is one solution using RegularExpressionValidator.

Suppose we have a textbox that takes some input text from the user and we do not want them to type any HTML tags. Here is the code for that:

<asp:TextBox runat="server" ID="txtName"></asp:TextBox>

<asp:RegularExpressionValidator runat="server" ID="regName" ControlToValidate="txtName" Display="Dynamic" ValidationGroup="Employeevalgrp" ValidationExpression="^[^<>]+$" ErrorMessage="Html tags are not allowed."/>

<asp:Button runat="server" ID="btnSaveEmployeeInfo" ValidationGroup="Employeevalgrp"
 CausesValidation="true" OnClick="btnSaveEmployeeInfo_Click" />

Here, when the user presses the button, the validator validates the input text and submits the text only if it passes the validation test.

Note that we are not validating the request here; we are only validating the input that is going to be submitted to the server.
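The validator's client-side check can be bypassed by posting directly to the page, so the click handler should confirm the result on the server and encode the value when it is displayed. The following code-behind is an added example, not code from the original post; the class name EmployeePage and the label lblResult are assumptions.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.UI;

// Hypothetical code-behind for the page that holds the markup above.
// txtName comes from that markup; lblResult is an assumed
// <asp:Label runat="server" ID="lblResult" /> added for this example.
public partial class EmployeePage : Page
{
    // Same pattern as the validator's ValidationExpression.
    private static readonly Regex NoAngleBrackets =
        new Regex("^[^<>]+$", RegexOptions.CultureInvariant);

    protected void btnSaveEmployeeInfo_Click(object sender, EventArgs e)
    {
        // The button's validation group has already run on the server at this
        // point, but the handler is still called when a validator failed.
        if (!Page.IsValid)
        {
            return;
        }

        string name = txtName.Text.Trim();

        // RegularExpressionValidator treats an empty field as valid, so
        // check for empty input and re-apply the pattern here.
        if (!IsAcceptableName(name))
        {
            lblResult.Text = "Html tags are not allowed.";
            return;
        }

        // Store 'name' as entered (persistence is outside this example).
        // Label.Text is written to the page without encoding, so encode
        // user input whenever it is rendered back.
        lblResult.Text = "Saved: " + HttpUtility.HtmlEncode(name);
    }

    private static bool IsAcceptableName(string value)
    {
        return !string.IsNullOrEmpty(value) && NoAngleBrackets.IsMatch(value);
    }
}
```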

Thanks to Sandeep for such wonderful help.