Apparently, this is harder to find than I thought it would be. And it even is so simple...
For those unfamiliar with PHP, htmlspecialchars translates stuff like
I know that
encodeURI() do not work this way.
In my html source code I have some special symbols like the copyright one
<meta content="© Copyright... />
For some text editors these are shown correctly as above, but on VS Code I see it as � and after I save the file, the symbol will be shown as ï¿½ and � on other editors.
If I explicitly paste the © on VS Code and save it, then on another text editor it will be saved as Â©.
How can I solve this? What should I do?
How do I write the CC logo in HTML, is there something like
© (which gives ©)?
(CC stands for Creative Commons).
I am migrating a Framework v3.5 version to v4.5 and updating the
System.Data.OracleClient with ODP.NET from Oracle.
In one part of the app, it is getting some value from QueryString, doing a
Server.HtmlEncode and pushing into an oracle select statement where clause and running the statement through ODP.NET.
Now the problem is, it was working previously with the
System.Data.OracleClient, but getting invalid identifier from Oracle with ODP.NET. Runs fine if I remove the
Server.HtmlEncode but I am not allowed to expose the raw data to Oracle for security.
Imports Oracle.DataAccess.ClientstrStateIDs = Trim(Server.HtmlEncode(Context.Request.QueryString("STATE_IDS")))strLVQuery = "SELECT <some columns> WHERE <some condition> AND <some column> IN (" & strInitStateIDs & ") ORDER BY <some columns>"OracleDA.SelectCommand.CommandType = CommandType.TextOracleDA.Fill(dataTable)
Sample Data in
Posting it as it might help someone later.. As Antonio Bakula pointed out,
HtmlEncode encodes single quotes since ASP.NET 4.0
So, I did
strStateIDs = strStateIDs.Replace("'", "'") after
HtmlEncode to work around this issue.
Every time a user posts something containing
> in a page in my web application, I get this exception thrown.
I don't want to go into the discussion about the smartness of throwing an exception or crashing an entire web application because somebody entered a character in a text box, but I am looking for an elegant way to handle this.
Trapping the exception and showing
An error has occurred please go back and re-type your entire form again, but this time please do not use <
doesn't seem professional enough to me.
Disabling post validation (
validateRequest="false") will definitely avoid this error, but it will leave the page vulnerable to a number of attacks.
Ideally: When a post back occurs containing HTML restricted characters, that posted value in the Form collection will be automatically HTML encoded.So the
.Text property of my text-box will be
something & lt; html & gt;
Is there a way I can do this from a handler?