TBuser (joined 06-20-2008, 16 posts)
Re: dangerous Request.Form value was detected
I do the ValidateRequest="false" and I also run it through this function (ASP.NET) before inserting it into the table. You can't filter out ";" (semi-colons) because they are all over the place in the inline style declarations: <span style="background-color: yellow; forground-color: black;">. It would be neat if I could strip out brackets and semi-colons:
' Doubles apostrophes and strips a fixed list of SQL keywords from rich-text input.
' Replace() with CompareMethod.Binary matches exact case only: "INSERT" is removed,
' "insert" is left alone, and any legitimate upper-case "TABLE" or "GROUP" in the
' user's text is removed as well.
Public Function stripInjectionFreeTextBox(ByVal thisword As String) As String
    Dim retval As String
    ' Escape single quotes as they would appear inside a quoted SQL literal
    retval = Replace(thisword, "'", "''", , , CompareMethod.Binary)
    ' Remove SQL keywords (exact upper-case matches only)
    retval = Replace(retval, "INSERT", "", , , CompareMethod.Binary)
    retval = Replace(retval, "DELETE", "", , , CompareMethod.Binary)
    retval = Replace(retval, "UPDATE", "", , , CompareMethod.Binary)
    retval = Replace(retval, "APPEND", "", , , CompareMethod.Binary)
    retval = Replace(retval, "UNION", "", , , CompareMethod.Binary)
    retval = Replace(retval, "DROP", "", , , CompareMethod.Binary)
    retval = Replace(retval, "TABLE", "", , , CompareMethod.Binary)
    retval = Replace(retval, "TRUNCATE", "", , , CompareMethod.Binary)
    retval = Replace(retval, "GROUP", "", , , CompareMethod.Binary)
    ' Remove the SQL line-comment marker
    retval = Replace(retval, "--", "", , , CompareMethod.Binary)
    ' Break "javascript:" URLs that may be embedded in the HTML
    retval = Replace(retval, "javascript", "javascr1pt", , , CompareMethod.Binary)
    Return retval
End Function
Portland DancingDance Like No One Is Watching
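An added example, not code from the post or the thread: a Python port of the blacklist function above, run against a legitimate FreeTextBox-style HTML fragment, next to a parameterized INSERT that stores the same fragment unchanged. sqlite3 stands in for the ADO.NET SqlCommand/SqlParameter pattern so the example runs stand-alone; the sample HTML is constructed.

```python
import sqlite3

# Tokens the VB.NET function removes, in the same order. Python's str.replace is
# case-sensitive, which mirrors CompareMethod.Binary.
BLACKLIST = ["INSERT", "DELETE", "UPDATE", "APPEND", "UNION", "DROP",
             "TABLE", "TRUNCATE", "GROUP", "--"]


def strip_injection_free_text_box(word: str) -> str:
    """Port of stripInjectionFreeTextBox: double apostrophes, drop keywords."""
    out = word.replace("'", "''")
    for token in BLACKLIST:
        out = out.replace(token, "")
    return out.replace("javascript", "javascr1pt")


def store_with_parameters(conn: sqlite3.Connection, html: str) -> str:
    """Insert the HTML through a bound parameter and read it back.

    The driver sends the value separately from the statement text, so the
    semicolons, apostrophes and upper-case words inside the content are
    never parsed as SQL syntax and need no stripping or escaping.
    """
    conn.execute("INSERT INTO notes(body) VALUES (?)", (html,))
    row = conn.execute(
        "SELECT body FROM notes ORDER BY rowid DESC LIMIT 1").fetchone()
    return row[0]


def demo() -> dict:
    # Constructed sample: an inline style (semicolons), an apostrophe and
    # ordinary English words that happen to match the keyword blacklist.
    html = ('<span style="background-color: yellow;">'
            "Don't DROP the TABLE--the UPDATE for the GROUP is due.</span>")
    stripped = strip_injection_free_text_box(html)

    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes(body TEXT)")
    stored = store_with_parameters(conn, html)
    conn.close()
    return {"stripped": stripped, "stored": stored, "intact": stored == html}


if __name__ == "__main__":
    result = demo()
    print("blacklist output:", result["stripped"])
    print("parameterized round-trip intact:", result["intact"])
```

The blacklist output loses the words DROP, TABLE, UPDATE and GROUP from the sentence and carries the doubled apostrophe into storage, while the parameterized insert returns the HTML byte-for-byte.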