I am getting an error when I try to post data from an asp textbox to the database. The reason for this is that the text is html due to using an html text editor.

However when I try to encode the html I get the following error: BC30451: 'Bind' is not declared. It may be inaccessible due to its protection level.

Below is the asp code I have for the textbox that's causing the error.

    <asp:TextBox ID="TxtBx" runat="server" Text='<%# Server.HtmlEncode(Bind("Details").ToString())%>'/>

I'm sure it's something small but can't resolve it. I have also tried the below with the same outcome:

    Text='<%# System.Web.HttpUtility.HtmlEncode(Bind("Details"))%>'

I have also attempted to create my own function in the backend to resolve this with the following asp and vb:

    Text='<%# encodeIT(Eval("Details"))%>'

    Public Function encodeIT(Details As String) As String
        Return HttpUtility.HtmlEncode(Details)
    End Function

Any help would be greatly appreciated.

Update 1

I have attempted a client solution but it still doesn't appear to be working. I'm not sure if I've missed something; I've been testing in a basic web project to avoid any compatibility issues that could crop up. I have removed the databind for the purpose of this test as ASP throws the same error regardless.

ASP

    <asp:Content ID="BodyContent" ContentPlaceHolderID="MainContent" runat="server">
    <script src="../Scripts/tinymce/tinymce.min.js" type="text/javascript"></script>
    <script type="text/javascript">
        $(document).ready(function () {
            tinymce.init({
                menubar: false,
                width: 800,
                height: 250,
                selector: "textarea"
            });
            var decodeStuff = (function () {
                // preventing any overhead from creating more than one instance of the function
                var element = document.createElement('div');

                function decodeHtml(str) {
                    if (str && typeof str === 'string') {
                        // strip script and html tags
                        str = str.replace(/<script>[^>]*>([\S\s]*?)<\/script>/gmi, '');
                        str = str.replace(/<\/?\w(?:[^"'>]|"[^"]*"|'[^']*')*>/gmi, '');
                        element.innerHTML = str;
                        str = element.textContent;
                        element.textContent = '';
                    }
                    return str;
                }
                return decodeStuff;
            });
            var text = decodeStuff('TxtBx');
        });
    </script>
    <asp:Panel runat="server" ID="panel1">
    <table>
    <tr>
        <td>
            <asp:TextBox ID="TxtBx" runat="server" Width="100%" TextMode="MultiLine" Rows="20"></asp:TextBox>
        </td>
    </tr>

Code behind (VB) where I'm trying to call the function on post back.

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        If DDL.Text <> "Select" Then
            TxtBx.Text = DDL.Text
        End If
        Page.ClientScript.RegisterClientScriptBlock(Page.GetType(), "TxtBx", "decodeHtml();", True)
    End Sub
SelrekJohn
  • Encode text on the client before posting it back. – Yuriy Galanter Aug 20 '14 at 16:12
  • Thanks @YuriyGalanter think that's definitely the right course as it's getting the error before post back, I've found some methods on how to achieve html stripping but cannot get it to work. – SelrekJohn Aug 21 '14 at 10:18
  • I thought you wanted to keep html, just encode it? If that's the case - you can use basic functions as shown here: http://stackoverflow.com/a/1219983/961695 – Yuriy Galanter Aug 21 '14 at 13:03
  • What I want to do is allow the html to be saved to the database and brought back, at the moment I am receiving a System.Web.HttpRequestValidationException. – SelrekJohn Aug 21 '14 at 13:47
  • Use Encode function from the above link before posting back to the server. Use Decode function before displaying data from the server – Yuriy Galanter Aug 21 '14 at 14:05
  • Cheers - trying this out now. – SelrekJohn Aug 21 '14 at 15:10
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/59742/discussion-between-user3626037-and-yuriy-galanter). – SelrekJohn Aug 21 '14 at 15:36
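
The encode-before-posting, decode-before-displaying approach suggested in the comments above, as an added example that is not code from the thread or from the linked answer. The function names and the sample string are hypothetical, and `looksDangerous` is a simplified model of the patterns ASP.NET request validation rejects, which is an assumption here.

```javascript
// Added example; htmlEncode, htmlDecode and looksDangerous are hypothetical names.

// Encode only the characters that carry markup. Named entities are used on
// purpose: a numeric entity such as &#39; contains "&#", which the model of
// request validation below also flags.
const ENCODE_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;' };
const DECODE_MAP = { '&amp;': '&', '&lt;': '<', '&gt;': '>', '&quot;': '"' };

function htmlEncode(value) {
  return String(value).replace(/[&<>"]/g, (ch) => ENCODE_MAP[ch]);
}

// Single pass over the input, so "&amp;lt;" decodes to "&lt;" and not to "<".
function htmlDecode(value) {
  return String(value).replace(/&(?:amp|lt|gt|quot);/g, (ent) => DECODE_MAP[ent]);
}

// Simplified model (assumption) of what request validation treats as dangerous:
// "<" followed by a letter, "!", "/" or "?", or the sequence "&#".
function looksDangerous(value) {
  return /<[a-z!\/?]|&#/i.test(String(value));
}

// Constructed sample of what a rich-text editor might hand to the form.
const editorHtml = '<p>Tom & "Jerry" said <b>it\'s</b> 1 &lt; 2</p>';
const posted = htmlEncode(editorHtml);

console.log(looksDangerous(editorHtml));        // raw editor output is flagged
console.log(looksDangerous(posted));            // encoded form is not
console.log(htmlDecode(posted) === editorHtml); // round trip is lossless
```

Once the server decodes the value (for example with `HttpUtility.HtmlDecode`) it is live markup again, so it still has to be sanitized against an allow-list or encoded for the context it is rendered into.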

1 Answer

If this is only for internal use, go into the web.config file; within system.web you'll find httpRuntime and pages. Add the attributes requestValidationMode="2.0" and validateRequest="false" respectively.

Code:

    <httpRuntime requestValidationMode="2.0"/>
    <pages validateRequest="false"/>

PurpleSmurph