I am trying to validate user inputs (free text) on a web page before the data is stored in the database. The site's written using unconvensional asp.net, as it was largely upgraded from classic asp.
I want to make sure / or protect users from entering text values along with invalid characters such html. At the moment, if the page is submitted it crashes.
Should I use the HttpUtility.HtmlEncode to correct each text box entry? Does 开发者_如何学Gothis sound feasible?
Thanks in advance.
Yes
One of the most important things you can do from a security perspective is to ensure you're encoding all types of data appropriately.
When you're storing HTML that has been put into a web form you no longer want it to be interpreted as HTML. HttpUtility.HtmlEncode ensures this happens, so yes you need to use it.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论