Last post May 01, 2009 02:16 PM by icm63
May 01, 2009 02:16 PM|icm63
I understand that filtering HTML going from an editor to a SQL Server varchar(max) field and back to the browser is a challenge.
I have read about
2) Anti cross scripting library v1.5
4) Page validation = false
5) Common data
I have an ASP.NET (VB) 2.0 project that allows HTML from an editor (FreeTextBox and obout editor) into a SQL Server 2005 varchar(max) field, and then it's returned back to the browser via user actions.
The $64,000 questions:
1) How do I make sure HTML going in from the editor is not dangerous?
2) How do I make sure that my CSS is not altered?
3) How do I stop unwanted scripts (java and vbscripts)?
It seems to me all I want is the same functionality that this forum has for posting its posts, or whatever WordPress and other blog systems are using when HTML is posted from editors in their software?
What are the steps? Simple please: what functions do I use? Any examples in detail in either C# or VB? Why isn't there a one-stop package that does it all?
I require server-side filtering.