Example: removing all script blocks using C# code - ASP.NET

This is an example of how to remove script blocks from HTML.
This method is useful when you want to make sure that HTML passed in as an input string does not contain any script block.

Example HTML containing a script block:

<div> this is the information </div>
<script>alert('Your computer have security vulnerable');</script>

Example ASPX Code :

Note: this markup uses the Editor control from the AjaxToolkit library.

<asp:Content ID="Content1" ContentPlaceHolderID="HeadContent" runat="server">
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">
    <ajaxToolkit:ToolkitScriptManager ID="ToolkitScriptManager1" runat="server">
    </ajaxToolkit:ToolkitScriptManager>
    Input Text :
    <cc1:Editor ID="Editor1" runat="server" />
    <br />
    <asp:Button ID="Button1" runat="server" Text="Save" onclick="Button1_Click" />
    <br />
    <asp:Literal ID="Literal1" runat="server"></asp:Literal>
</asp:Content>



Code Behind :

    // Requires: using System; using System.Text.RegularExpressions;

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        // Filter the editor content before writing it back to the page
        string inputHTML = Editor1.Content;
        Literal1.Text = RemoveScripts(inputHTML);
    }

    /// <summary>
    /// Cached regular expression match for the scripts.
    /// </summary>
    private Regex _RegExRemoveScripts;

    /// <summary>
    /// Regular expression match for the scripts (created on first use).
    /// </summary>
    private Regex RegExRemoveScripts
    {
        get
        {
            // Expression groups: none
            return _RegExRemoveScripts ?? (_RegExRemoveScripts = GetRegex(@"<script[ >](?:[^<]|<(?!/script))*</script>",
                RegexOptions.Compiled | RegexOptions.IgnoreCase));
        }
    }

    /// <summary>
    /// Gets the regular expression specified by a matching pattern, optionally specifying processing options.
    /// </summary>
    /// <param name="pattern">Pattern to match</param>
    /// <param name="options">Processing options</param>
    private Regex GetRegex(string pattern, RegexOptions options)
    {
        return CreateRegex(pattern, options);
    }

    /// <summary>
    /// Creates a new regular expression
    /// </summary>
    /// <param name="pattern">Pattern to match</param>
    /// <param name="options">Processing options</param>
    private Regex CreateRegex(string pattern, RegexOptions options)
    {
        return new Regex(pattern, EnsureCorrectOptions(options));
    }

    /// <summary>
    /// Adds CultureInvariant option when there is ignore case to ensure correct behavior in Turkish culture.
    /// </summary>
    /// <param name="options">Options to be modified</param>
    private RegexOptions EnsureCorrectOptions(RegexOptions options)
    {
        if (options.HasFlag(RegexOptions.IgnoreCase) && !options.HasFlag(RegexOptions.CultureInvariant))
        {
            // Add CultureInvariant option when there is ignore case to ensure correct behavior in Turkish culture
            options |= RegexOptions.CultureInvariant;
        }
        return options;
    }

    /// <summary>
    /// Removes the scripts from the given HTML text.
    /// </summary>
    /// <param name="htmlText">HTML text to process</param>
    public string RemoveScripts(string htmlText)
    {
        // Remove all script blocks
        htmlText = RegExRemoveScripts.Replace(htmlText, "");
        return htmlText;
    }


How to use:

  1. Copy and paste the above code into your code-behind file.
  2. Call the method RemoveScripts(string htmlText).

Output :

Before Filter :

After Filter :


Hopefully this example can help someone.
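
The article's pattern removes only complete <script>...</script> blocks whose tag name is followed by a space or ">", so the following added example (not part of the original post) repeats the removal until the text is stable and falls back to HTML-encoding when anything script-like remains. The names ScriptFilterCheck, Residual and Sanitize, the residual pattern and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

static class ScriptFilterCheck
{
    const RegexOptions Opts = RegexOptions.IgnoreCase | RegexOptions.CultureInvariant;

    // The pattern from the article, unchanged.
    static readonly Regex ScriptBlock =
        new Regex(@"<script[ >](?:[^<]|<(?!/script))*</script>", Opts);

    // Assumed residual checks (not from the article): any remaining "<script",
    // an inline on*= event-handler attribute inside a tag, or a javascript: URL.
    static readonly Regex Residual =
        new Regex(@"<\s*script|<[^>]*\son\w+\s*=|javascript\s*:", Opts);

    // Repeat the removal until the text stops changing, because deleting one
    // block can join the text around it into a new block.
    public static string RemoveScripts(string html)
    {
        string previous;
        do { previous = html; html = ScriptBlock.Replace(html, ""); }
        while (html != previous);
        return html;
    }

    // Fail closed: if anything script-like survives, render the input as text.
    public static string Sanitize(string html)
    {
        string cleaned = RemoveScripts(html);
        return Residual.IsMatch(cleaned) ? WebUtility.HtmlEncode(html) : cleaned;
    }

    static void Main()
    {
        string[] samples =   // constructed inputs
        {
            "<div> this is the information </div><script>alert('x');</script>",
            "<div>a</div><script\ttype=\"text/javascript\">alert('x');</script>",
            "<div onclick=\"alert('x')\">click</div>",
        };
        foreach (string s in samples)
            Console.WriteLine(Sanitize(s));
    }
}
```

The first sample comes back with its script block removed; the other two are not changed by the article's pattern, so they are returned HTML-encoded instead of as markup. The residual pattern is deliberately broad, so harmless text that contains "javascript:" is encoded as well.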

