0

I am trying to validate user inputs (free text) on a web page before the data is stored in the database. The site's written using unconvensional asp.net, as it was largely upgraded from classic asp.

I want to make sure / or protect users from entering text values along with invalid characters such html. At the moment, if the page is submitted it crashes.

Should I use the HttpUtility.HtmlEncode to correct each text box entry? Does this sound feasible?

Thanks in advance.

Bobbo
  • 1,593
  • 4
  • 13
  • 13

1 Answers1

1

Yes

One of the most important things you can do from a security perspective is to ensure you're encoding all types of data appropriately.

When you're storing HTML that has been put into a web form you no longer want it to be interpreted as HTML. HttpUtility.HtmlEncode ensures this happens, so yes you need to use it.

m.edmondson
  • 30,382
  • 27
  • 123
  • 206