
JavaScript encoding for potentially dangerous requests

So, I've run up against the ubiquitous ASP.NET "potentially dangerous request" issue a few times now in different contexts. When using CKEditor, I've had pretty good success at defeating it by using the general suggestion to set the "htmlEncodeOutput" option to true. In other cases, I've used the other widely given suggestion of reverting page validation to the older version, which essentially tells the server to ignore HTML coming through. So, fine.

But what I've not been able to figure out is how to encode text on my own (and keep the validation in place). In a wild stab in the dark, I've tried the JavaScript escape() and encodeURI() functions, along with a small string.replace() function that turned brackets into &gt; and &lt;. None of these seemed to work. In the most recent wild stab, I encoded text server-side using "HttpUtility.HtmlEncode," shipped it off to a browser, and tried to send it back. Up popped the "potentially dangerous request." Arg.

Are there any working samples available of a JavaScript function that will do whatever magic the CKEditor "htmlEncodeOutput" function does? I'd sure appreciate any tips.

function htmlEncode(s) {
  // Encode '&' first so the entities added below are not double-encoded.
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;')
      .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}
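
An added example (not from the original post or answer) that pairs the encoder above with a decoder and a simplified model of the patterns request validation rejects. The function names looksDangerous, htmlDecode and report, the sample strings, and the exact pattern set are assumptions made for illustration.

```javascript
// Simplified model (an assumption, not the framework's code) of what request
// validation rejects: '<' followed by a letter, '!', '/' or '?', and '&#'.
function looksDangerous(s) {
  return /<[a-z!\/?]|&#/i.test(s);
}

// Named entities only; '&' is encoded first so that a typed "&#36;" becomes
// "&amp;#36;" and entities added by later replacements are not re-encoded.
function htmlEncode(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;');
}

// Inverse of htmlEncode, used to check the round trip; '&amp;' is decoded last.
function htmlDecode(s) {
  return String(s)
    .replace(/&quot;/g, '"')
    .replace(/&gt;/g, '>')
    .replace(/&lt;/g, '<')
    .replace(/&amp;/g, '&');
}

// Constructed sample inputs (not taken from the page).
const samples = [
  '<p class="x">Tom & Jerry</p>',
  'price &#36;5 <!-- note -->',
  'literal &lt;b&gt; typed by the user',
];

// For each sample: is the raw or encoded form flagged, and does it round-trip?
function report() {
  return samples.map((raw) => {
    const enc = htmlEncode(raw);
    return {
      enc,
      rawFlagged: looksDangerous(raw),
      encFlagged: looksDangerous(enc),
      roundTrip: htmlDecode(enc) === raw,
    };
  });
}

console.log(report());
```

Reading a form field's value in the browser returns the already-decoded text, so the encoding has to run in script immediately before the value is submitted. The server then decodes it and must still treat the result as untrusted HTML.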
