    I set up a blog area in my web page using asp.net. How can I prevent users from inserting images?


  • #2
    Wherever the code is that inserts the code into the database, you need to run a check with regular expressions.

    I personally would escape all the < and > signs to &lt; and &gt;

    This will eliminate people's ability to use Javascript code in their blog entries too.

    • #3
      I am BRAND NEW to asp.net. I have a file "view_blog.ascx" so I believe this is the file you are referring to. I use the asp.net version of include to include this file into my homepage. So is this where I would do the expression thing? If so, how?

      Also, would eliminating Javascript prevent the user from inserting URLs?



      • #4
        Whatever the form field is that the user uses to insert their text, should post to your server as a string.

        In your .NET code, you'll find a variable that requests this text.

        This request variable will be a string - you can then modify the string accordingly.

        I think you totally misunderstood the last post; you don't want to "Eliminate JavaScript" - you just want to prevent potentially malicious users from putting scripts in their posts that will be executed when people view your page, or forum thread.

        Are you familiar with any server-side languages, or the difference between server-side and client-side? Perhaps we should back up a bit and start there.

        Also, if you're using a preformed .NET blog system, it should have something like that built in... you could just use Server.HTMLEncode(yourStringHere) otherwise, and that should do the trick...
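
The two approaches suggested in posts #2 and #4, side by side, as an added example that is not part of the original thread. It is a C# console program that uses System.Net.WebUtility.HtmlEncode as a stand-in for Server.HtmlEncode so it runs outside a web page; the helper names and sample entries are constructed for illustration.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

static class BlogEntryEncoding
{
    // Approach from post #2: escape only the angle brackets.
    static string EscapeAngleBrackets(string s) =>
        s.Replace("<", "&lt;").Replace(">", "&gt;");

    // Approach from post #4: full HTML encoding (also covers & and quotes).
    static string EncodeForHtml(string s) => WebUtility.HtmlEncode(s);

    // True if a browser would still see the start of a tag in the string.
    static bool ContainsTag(string html) =>
        Regex.IsMatch(html, @"<\s*/?\s*[a-zA-Z!]");

    static void Main()
    {
        // Constructed sample entries, not taken from the thread.
        string[] entries =
        {
            "Look at this <img src=\"http://example.test/cat.png\">",
            "Hi <script>alert(1)</script>",
            "My site is http://example.test/blog?a=1&b=2",
            "He said \"2 < 3\" & left",
        };

        foreach (string raw in entries)
        {
            string bracketsOnly = EscapeAngleBrackets(raw);
            string encoded = EncodeForHtml(raw);
            Console.WriteLine("raw           : " + raw);
            Console.WriteLine("  tag in raw? : " + ContainsTag(raw));
            Console.WriteLine("  < > only    : " + bracketsOnly
                + "  (tag? " + ContainsTag(bracketsOnly) + ")");
            Console.WriteLine("  HtmlEncode  : " + encoded
                + "  (tag? " + ContainsTag(encoded) + ")");
        }
    }
}
```

Both approaches turn the image and script tags into visible text. Only the full encoding also escapes the ampersand and the double quotes, and in both cases the plain URL is still displayed as text, just not as a link or image.
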
        • #5
          You are correct in that I misunderstood the last post and you are correct in that I don't want to completely eliminate the input of Javascript. I do understand the difference between client-side and server side language.

          I will look for the request variable string, that shouldn't be difficult. I don't know if we are using a preformed .NET blog system but that should be easy enough to find out and if we are, sounds like that would be the best way to go.

          Thanks so much for your help whammy...


          • #6
            If you have any trouble, please post further comments.

            I'm getting into .NET finally... it's so much more fun than old classic ASP.
            • #7
              .NET is pretty groovy... check out Scott Mitchell's series on Datagrids at 4guys...

              If you are looking into blogs/newsletters, etc also look into RSS;
              Another interesting XML application that I just started looking into a while back but got distracted with other things....