Global validation of text controls in an ASP.NET web forms application
Question
I have a legacy ASP.NET application(VS2005) with around 62 pages and 84 textbox controls spread across them(varies between 2 and 6 textboxes per page). I would like to implement validation to prevent submission of special characters which would otherwise lead to XSS vulnerabilities. Is there a way to implement a global validation function that applies to all textbox controls throughout the application in one go?(Trying to avoid using one validator per textbox, minimising. changes to existing code).
Thanks in advance
3 answers
solution1
0 2013-10-28 23:39:22
You can use inheritance to solve this issue:
Step 1: Create a static method in base class
// Return true if is in valid e-mail format.
public static bool IsValidEmail( string sEmail )
{
return Regex.IsMatch(sEmail, @"^[\w!#$%&'*+\-/=?\^_`{|}~]+(\.[\w!#$%&'*+\-/=?\^_`{|}~]+)*"+ "@"+ @"((([\-\w]+\.)+[a-zA-Z]{2,4})|(([0-9]{1,3}\.){3}[0-9]{1,3}))$");
}
Step 2: Assign this method for all the text boxes needed for validation in Child class
Example:
if (this.TextboxEmail.Text.Length > 0 &&
IsValidEmail(this.TextboxEmail.Text) == false)
{
ErrMssg("Invalid Email");
}
solution2
0 2013-10-29 08:02:47
You could listen for the submit event and prevent it in case one or more textboxes contains a certain pattern:
$(function(){
$('form').on('submit', function(e){
var $invalidTextboxes = $('input[type="text"]').filter(function(){
return this.value.match(/abc+d/); //your pattern here
});
if($invalidTextboxes.length){
alert('invalid textbox value');
e.preventDefault();
}
});
});
If you have more forms on the page and want to pinpoint the one generated by webforms:
How to capture submit event using jQuery in an ASP.NET application?
solution3
0 2013-10-29 10:21:05
The better and generic way to perform validations at the global level would be to take the help of HTTP Module .
You can add a new c# class inheriting from module class. Inside the class, you can add the iteration on the form elements and perform the desired validations. This will help you build the generic implementation of textbox validations at the global level.
class XssModule : IHttpModule
{
#region IHttpModule Members
public void Init(HttpApplication application)
{
application.PostAcquireRequestState += new EventHandler(Application_PostAcquireRequestState);
}
public void Dispose()
{
}
#endregion
private void Application_PostAcquireRequestState(object sender, EventArgs e)
{
if (HttpContext.Current.Session != null)
{
//Perform the iteration on the form elements here.
}
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.