How to html encode user input with AutoCompleteExtender

Question

User-359936451 posted

I have a textbox with the AutoCompleteExtender which calls a web service. 

I am looking for a way to encode user input in the textbox so that the dreadful

*A potentially dangerous Request.Form value was detected from the client *

I don't have any issues encoding other input, just can't figure out how to do this with the extender.

Most of the time it was expected that the user would simply type character by character, but in some cases they paste in an html string that is legit for the database and the error pops. I need to allow the html, so custom error is not a viable solution.

                    <asp:TextBox ID="TextBox1" runat="server" Width="520px" Height="24px" 
                    AutoPostBack="True" Font-Names="Tahoma"></asp:TextBox>
                <asp:AutoCompleteExtender 
                    ID="TextBox1_AutoCompleteExtender" 
                    runat="server" 
                    DelimiterCharacters="" 
                    Enabled="True" 
                    EnableCaching="True" 
                    ServiceMethod="GetCompListFuz" 
                    ServicePath="~/srch/strgSrch.asmx" 
                    TargetControlID="TextBox1" 
                    UseContextKey="True" 
                    CompletionSetCount="30" 
                    CompletionInterval="10"
                    MinimumPrefixLength="3"
                    CompletionListItemCssClass="itemHighlighted" 
                    CompletionListHighlightedItemCssClass="itemHighlighted2"                      
                    BehaviorID="AutoCompleteEx1"  
                    OnClientPopulated="acePopulated1"
                    OnClientItemSelected="aceSelected1">                    
                </asp:AutoCompleteExtender>

Is there some way to do this?

Answer 1

User61956409 posted

Hi march11,

*A potentially dangerous Request.Form value was detected from the client *

Most of the time it was expected that the user would simply type character by character, but in some cases the paste in an html string that is legit for the database and the error pops.

As far as I know, the above error could appear while submitting HTML content to server. You could try to set the ValidateRequest tag in the @Page Directive to false.

<%@ Page Language="C#" AutoEventWireup="true" ValidateRequest = "false"

Besides, you could know more solution for “A potentially dangerous Request.Form value was detected from the client” issue from this article.

http://www.aspsnippets.com/Articles/ASPNet-Error-A-potentially-dangerous-RequestForm-value-was-detected-from-the-client.aspx

Best Regards,

Fei Han

Answer 2

User-359936451 posted

Right, I do not want to disable validation I just want to encode the html to protect the input.

My issue though it trying to figure out how to apply the encoding on the AutoCompleteExtender.

Thanks for the link I had previously reviewed it.

Answer 3

User61956409 posted

Hi march11,

I do not want to disable validation I just want to encode the html to protect the input.

You could refer to the following links that discussed about encoding html string.

http://stackoverflow.com/questions/14129953/how-to-encode-a-string-in-javascript-for-displaying-in-html

http://www.w3schools.com/jsref/jsref_escape.asp

Best Regards,

Fei Han