handle malicious input with Razor in template
Hi Umbraco Team
I have set up a simple search feature via the following link: http://www.codeshare.co.uk/blog/simple-umbraco-search-example/ . I would like to handle malicious input from the user. Currently, if I input a <script> tag, I get an error about the partial view not being able to be rendered and a log entry.
System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.QueryString value was detected from the client (keywords="**")
How can I handle this with Razor? Debugging catches the exception in code at
Thanks Dibs
Hi Dibs.
Maybe you could use Regex? Not on the querystring after post but instead on the form input, preventing the user from posting malicious input. See example (This example only allows letters and numbers):
Live example: https://jsfiddle.net/411pk92u/
Regex used: http://regexlib.com/REDetails.aspx?regexp_id=1014
Best of luck!
That seems like a good idea! Maybe the regex could be more permissive!
The alternative would be to allow for "potentially dangerous" request string and then handle them correctly.
Look here https://msdn.microsoft.com/en-us/library/hh882339(v=vs.110).aspx#Anchor_0 under , skip the first part about ASP.NET Web Forms.
Thanks for your input guys,
I'll give both a try, maybe go with Microsoft link
Dibs
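The two suggestions in this thread (an allowlist regex, and accepting the "potentially dangerous" value and handling it correctly) can be combined on the server, since a check done only in the browser form can be bypassed by editing the query string. This is an added example, not code from the thread or the linked tutorial: SearchInput, Clean, ForHtml, MaxLength and the pattern are hypothetical, and reading the value through Request.Unvalidated assumes ASP.NET 4.5 or later.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Added example: server-side handling of the "keywords" search term.
// SearchInput, Clean, ForHtml and MaxLength are hypothetical names.
public static class SearchInput
{
    private const int MaxLength = 100; // assumed upper bound for a search term

    // Allowlist: letters and digits, with single spaces between words.
    // \A and \z anchor the whole string, so a trailing newline cannot slip through.
    private static readonly Regex Allowed =
        new Regex(@"\A[\p{L}\p{Nd}]+(?: [\p{L}\p{Nd}]+)*\z", RegexOptions.CultureInvariant);

    // Returns the trimmed term when it passes the allowlist, otherwise null.
    public static string Clean(string raw)
    {
        if (string.IsNullOrWhiteSpace(raw)) return null;
        string term = raw.Trim();
        if (term.Length > MaxLength) return null;
        return Allowed.IsMatch(term) ? term : null;
    }

    // Encode the raw value when echoing it outside Razor's @ (which encodes for you).
    public static string ForHtml(string raw)
    {
        return WebUtility.HtmlEncode(raw ?? string.Empty);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample inputs. In the Razor partial the value would be read with
        //   var raw = Request.Unvalidated.QueryString["keywords"];
        // so that request validation does not throw before this check runs.
        string[] samples = { "umbraco search", "  forms  ", "<script>alert(1)</script>", "a  b", "" };
        foreach (string raw in samples)
        {
            string term = SearchInput.Clean(raw);
            Console.WriteLine(term != null
                ? "search for: " + term
                : "rejected: \"" + SearchInput.ForHtml(raw) + "\"");
        }
    }
}
```

Only the value returned by Clean should be passed to the search query; a null result is the point at which to show a "please enter letters and numbers" message instead of rendering results.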