When I try to store an article with html tags within it, I get an error from .NET saying it's a security risk. How can I correctly sore HTML data in a MS SQL 2000 database using ASP.NET?
I don't recommend it, for these reasons:
- What if you need this data in some other application later? You'd have to go through the extra step of stripping the HTML.
- Possible security risk because I can put a link like this:into your article if your DB isn't secure enough.HTML Code:<a href="http://a.competitor.site/stealcreditcards/">Page 2</a>
- Putting HTML into the database completely flattens an N-tier architecture.
Why not create another system, similar to the vB code used on this site. Example: _word_ would make it italic, *word* would make the word bold, automatically parse urls and generate links, etc. You really don't need to store HTML code in the DB if the type of HTML coding you need is simple enough (i.e. formatting stuff).
Surely leaving your DB wide open is the risk, not the HTML!!?Originally Posted by vgarcia
- former ASP web developer / former SPF "ASP Guru"
- *very* old blog with some useful ASP code
- Please think, Google, and search these forums before posting!