I take user input into a text area, store it and eventually display it back to the user.
In my View (Razor) I want to do something like this...
This doesn't work because Razor HTML-encodes by default. This is great, but I want my line breaks.
If I do this I get opened up to XSS problems.
What's the right way to handle this situation?
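The usual answer to this question is to encode first and add the markup afterwards: HtmlEncode the stored text, then replace the (now harmless) newline characters with `<br />`, and only then hand the result to Html.Raw. The following is an added illustration in Python, not code from the question or from Razor; it shows why the order matters by running a constructed comment containing a script tag through both the unsafe and the safe variant.

```python
import html

# Added example (Python standing in for the Razor/C# of the question).
# Razor equivalent of safe_with_line_breaks:
#   Html.Raw(HttpUtility.HtmlEncode(text).Replace("\n", "<br />"))

def unsafe_with_line_breaks(text: str) -> str:
    """What NOT to do: mark the raw text as safe and only fix the newlines.
    Any markup the user typed reaches the page untouched (XSS)."""
    normalized = text.replace("\r\n", "\n").replace("\r", "\n")
    return normalized.replace("\n", "<br />")


def safe_with_line_breaks(text: str) -> str:
    """Encode every HTML-significant character, THEN reintroduce <br />.
    Doing the replace before the encode would turn '<br />' itself into
    '&lt;br /&gt;' and you would be back to losing the line breaks."""
    encoded = html.escape(text, quote=True)          # & < > " ' -> entities
    encoded = encoded.replace("\r\n", "\n").replace("\r", "\n")
    return encoded.replace("\n", "<br />")


# Constructed sample input: a stored user comment with a script tag in it.
USER_COMMENT = "first line\r\n<script>alert(document.cookie)</script>\nlast line"

if __name__ == "__main__":
    print(unsafe_with_line_breaks(USER_COMMENT))   # script tag survives
    print(safe_with_line_breaks(USER_COMMENT))     # entities plus <br />
```

The safe output contains no `<` from the user at all; the only tags in it are the `<br />` elements the server inserted after encoding.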
The URL link below will open a new Google mail window. The problem I have is that Google replaces all the plus (+) signs in the email body with blank spaces. It looks like it only happens with the + sign. Any suggestions on how to remedy this? (I am working on an ASP.NET web page.)
https://firstname.lastname@example.org&su=some subject&body=Hi there+Hello there
(In the body email, "Hi there+Hello there" will show up as "Hi there Hello there")
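The receiver decodes the query string the way an HTML form submission is decoded (application/x-www-form-urlencoded), and in that encoding a literal `+` means a space. The cure is to percent-encode each value when building the link, so that `+` is sent as `%2B`. The following is an added example in Python, not the page's ASP.NET code; the Gmail compose endpoint in it is an assumption, and the addresses and text are constructed.

```python
from urllib.parse import quote, parse_qs, urlsplit

# Added example (Python, standing in for the ASP.NET page that builds the
# link). Assumption: the compose endpoint below reads to/su/body from the
# query string with form decoding, where '+' is a space and '%2B' is a plus.
GMAIL_COMPOSE = "https://mail.google.com/mail/?view=cm"   # assumed endpoint


def build_naive(to: str, subject: str, body: str) -> str:
    """The link as the question builds it: values pasted in unencoded."""
    return f"{GMAIL_COMPOSE}&to={to}&su={subject}&body={body}"


def build_encoded(to: str, subject: str, body: str) -> str:
    """Percent-encode every value: '+' becomes %2B, space becomes %20.
    safe='' so that reserved characters such as '/' and '@' are encoded too."""
    return (f"{GMAIL_COMPOSE}&to={quote(to, safe='')}"
            f"&su={quote(subject, safe='')}&body={quote(body, safe='')}")


def body_as_receiver_sees_it(url: str) -> str:
    """Decode the query the way a form-encoded receiver does ('+' -> ' ')."""
    return parse_qs(urlsplit(url).query)["body"][0]


# Constructed values matching the question's example.
TO, SUBJECT, BODY = "someone@example.com", "some subject", "Hi there+Hello there"

if __name__ == "__main__":
    print(body_as_receiver_sees_it(build_naive(TO, SUBJECT, BODY)))     # plus lost
    print(body_as_receiver_sees_it(build_encoded(TO, SUBJECT, BODY)))   # plus kept
```

In the ASP.NET page the same step is HttpUtility.UrlEncode (or Uri.EscapeDataString) applied to each value before it is concatenated into the href; the point is that the encoding must be applied per value, never to the whole assembled URL.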
I'm making an application that involves logging into a server, however, the post data needs some encoding.
Dim strEncUsername As String = Server.HtmlEncode(Me.txtUsername.Text)
However, since this isn't an asp.net application, this doesn't work. How the hay am I supposed to do this? I tried looking for an Imports thing, but no real luck.
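Outside ASP.NET the .NET HTML encoder lives in System.Web (add a reference to System.Web.dll and call HttpUtility.HtmlEncode) or, from .NET 4.0, in System.Net.WebUtility.HtmlEncode with no extra reference. The caveat a practitioner would add is that HTML encoding is the wrong encoder for a login POST body in the first place: form data is application/x-www-form-urlencoded, and HTML-encoding a password that contains `&`, `<` or `"` changes the password the server receives. The following added example in Python (not the question's VB.NET) shows both encoders on constructed credentials and what the server ends up with.

```python
import html
from urllib.parse import urlencode, parse_qs

# Added example (Python rather than VB.NET). html_encode mirrors what
# Server.HtmlEncode / WebUtility.HtmlEncode produce; form_encode mirrors what
# a browser sends for a form POST (HttpUtility.UrlEncode per field in .NET).

def html_encode(value: str) -> str:
    """HTML entity encoding: for text placed inside an HTML page."""
    return html.escape(value, quote=True)


def form_encode(fields: dict) -> str:
    """Percent-encoding of key/value pairs: for a form POST body."""
    return urlencode(fields)


def server_side_password(body: str) -> str:
    """Decode the body the way a web framework does and return the password."""
    return parse_qs(body)["password"][0]


# Constructed credentials with characters that are special in both encodings.
CREDS = {"username": "alice&bob", "password": 'p@ss<w>&"d'}

if __name__ == "__main__":
    wrong = form_encode({k: html_encode(v) for k, v in CREDS.items()})
    right = form_encode(CREDS)
    print(server_side_password(wrong))   # entities arrive as literal text
    print(server_side_password(right))   # the original password
```

Run it and the HTML-encoded version logs in with `p@ss&lt;w&gt;&amp;&quot;d`, which is not the user's password; the form-encoded version round-trips exactly.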
I feel like this is something I should definitely know about, but I'm not entirely sure of the details of at what point a character is decoded by a browser (or even if I'm thinking about it in the right way).
While inspecting the DOM of a site to which I've added some content (through a form, for example), I can see my &lt; (in the contents of my comment) appear as a string. Even if the angular brackets are well-balanced (e.g. &lt;something&gt;), it appears as a string rather than an element in the DOM. I appreciate this is critical in defence against injection attacks such as XSS, so (on the server) the content is written as a string literal rather than an element, but how does the browser recognise this and render it differently? And when does it decode it?

If the server does respond with &lt;, why do I not see this in dev tools?

My confusion comes from the fact that, when inspecting, there is no difference between my &lt;something&gt; content and a <something> element (if there were such a thing).
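The decoding happens in the HTML parser, while it builds the tree: the six bytes `&lt;` become the single character `<` inside a text node, whereas a literal `<` in the byte stream starts a tag. Dev tools show the parsed tree, so the text node displays its decoded value; "View Source" shows the bytes, where the entity is still visible. The two cases look different in dev tools only by node type (a text node versus an element node). The following added example is not from the question; it uses Python's standard-library HTML tokenizer as a stand-in for the browser's parser and feeds it two constructed server responses, the encoded comment and the raw one.

```python
from html.parser import HTMLParser
import html

# Added example: the stdlib tokenizer stands in for the browser's parser.
# It records the tree-building events so you can see that "&lt;script&gt;"
# never produces a start-tag event, only text.

class EventCollector(HTMLParser):
    """Record start/end/text events in order, merging adjacent text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)   # decode &lt; etc. into text
        self.events = []

    def handle_starttag(self, tag, attrs):
        self.events.append(("start", tag))

    def handle_endtag(self, tag):
        self.events.append(("end", tag))

    def handle_data(self, data):
        if self.events and self.events[-1][0] == "text":
            self.events[-1] = ("text", self.events[-1][1] + data)
        else:
            self.events.append(("text", data))


def parse_events(response_body: str) -> list:
    """Parse a server response and return the events as (kind, value)."""
    parser = EventCollector()
    parser.feed(response_body)
    parser.close()
    return parser.events


def text_node_as_source(text: str) -> str:
    """What a serializer (View Source, innerHTML) shows for a text node:
    the decoded '<' is re-encoded on the way out."""
    return html.escape(text, quote=False)


# Constructed server responses: the same comment, encoded and not encoded.
ENCODED = "<div>&lt;script&gt;alert(1)&lt;/script&gt;</div>"
RAW = "<div><script>alert(1)</script></div>"

if __name__ == "__main__":
    for event in parse_events(ENCODED):
        print("encoded:", event)
    for event in parse_events(RAW):
        print("raw:    ", event)
```

The encoded response yields one text event whose value is `<script>alert(1)</script>` as characters; the raw response yields a `script` start tag, which is the difference between a comment that is displayed and one that executes.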
I have been looking at solutions to this through all the encoding questions, but I think mine is slightly different. I have a co-worker who creates large spreadsheets of data by copying and pasting material out of her browser and into an Excel sheet. She then saves this as a CSV file and I use an uploader (DropZone) to grab that sheet and put it in our database. It goes into the system just fine.

The issue is when I try to pull that data out in a JSON format: it breaks because it is full of the black diamond characters where she has copied not quite perfectly and it has some trailing space. I am sure the easiest thing would be to clean it as I grab the CSV and go through it row by row and drop it into the table. The question is, what am I replacing? Trim doesn't work for sure because it isn't white space. How do I know what that character really is?

Database: SQL Server
Language: PHP

Thanks!
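The black diamond is almost always U+FFFD, REPLACEMENT CHARACTER, which a decoder emits for every byte sequence that is not valid UTF-8; a CSV that Excel saved as "ANSI" (Windows-1252 on a Western Windows install) and that was then read as UTF-8 is the classic source. The trailing "space" that trim does not remove is usually U+00A0, NO-BREAK SPACE, which browsers hand over in copy and paste. The following is an added example in Python rather than the question's PHP; the same steps map to mb_check_encoding, iconv and mb_ord there. The bytes are constructed and the Windows-1252 assumption is stated in the code.

```python
import unicodedata

# Added example (Python, not the question's PHP). Assumption: the CSV was
# written by Excel in Windows-1252 and decoded by the upload path as UTF-8,
# so every non-ASCII byte became U+FFFD (the black diamond).

def describe_odd_chars(cell: str) -> list:
    """(index, code point, Unicode name) for each non-ASCII character, so you
    know exactly what you are replacing instead of guessing."""
    return [(i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED"))
            for i, ch in enumerate(cell) if ord(ch) > 0x7E]


def clean_cell(cell: str) -> str:
    """Last resort when the original bytes are gone: drop replacement
    characters, turn NO-BREAK SPACE into an ordinary space, then strip.
    Note that the information the diamonds replaced is lost for good."""
    return cell.replace("\ufffd", "").replace("\u00a0", " ").strip()


def decode_csv_bytes(raw: bytes, encoding: str = "cp1252") -> str:
    """The real fix: decode the upload with the encoding the file uses,
    before anything is stored, so no U+FFFD is created at all."""
    return raw.decode(encoding)


# Constructed bytes as Excel writes "Café – 10 cm" plus a pasted no-break
# space in Windows-1252: 0xE9 = é, 0x96 = en dash, 0xA0 = no-break space.
RAW_ROW = b"Caf\xe9 \x96 10 cm\xa0"

# What the uploader stored: the same bytes decoded as UTF-8 with replacement.
MANGLED = RAW_ROW.decode("utf-8", errors="replace")

if __name__ == "__main__":
    print(repr(MANGLED))
    print(describe_odd_chars(MANGLED))
    print(repr(clean_cell(MANGLED)))
    print(decode_csv_bytes(RAW_ROW))
    print(describe_odd_chars(decode_csv_bytes(RAW_ROW)))
```

If the stored rows still contain the raw invalid bytes rather than U+FFFD, that is the case where PHP's json_encode returns false with JSON_ERROR_UTF8; the decoding step above, applied at upload time, is what removes the problem rather than hiding it.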