OK, I wrote this article and attached the code I use to validate or, to be more accurate, to extract the tags entered in my textboxes. Although ASP.NET 1.1 has built-in request validation that detects tags in input fields (and rejects the whole request when it finds them), it is better to strip these tags yourself if you don't need them.
Injecting unwanted tags or scripts can make your results or your output data unpredictable. For example, if a textbox saves a username to a database and the user enters <b>HisName</b>, another page that lists all the users in a table will show that username in bold, because the browser interprets the stored <b></b> tags as markup. The same path lets a user store a <script> tag that runs in every visitor's browser (cross-site scripting), so stored tags must never reach a page unhandled: either strip them on input, as this article does, or HTML-encode them when they are displayed.
The attached code contains two parts, one for ASP.NET and the other for VB.NET. The Extractor class is the same in both, so I'll explain it once.
Using the code
Extractor contains one public function, Extract, which returns a String, and two private functions, FoundOpener and CalculateLength.
The Extract function walks through the entered text looking for a "<" character. When one is found, it calls the FoundOpener function, which takes two parameters: the text under validation and the position of the "<", in that order.
FoundOpener searches for the ">" character that closes the tag and returns its position. If no ">" is found the tag is unclosed; the position is then set to the length of the text, so everything from the "<" to the end of the text is removed. Be aware that this also truncates legitimate input that happens to contain a bare "<" (for example "a < b"), so the function is only appropriate for fields where that loss is acceptable.
Once the position of the closer is known, the function CalculateLength computes the length of the text between and including the "<" and ">". For example, the length of <center> is 8. This function takes the start and end positions as parameters: start is the position of "<" and end is the position of ">", and the length is end minus start. Note that start is a 0-based index (from String.Chars) while end is the 1-based position returned by InStr; that difference of one is exactly what makes the result include the closing ">".
Remove is a built-in String method that deletes a run of characters starting at a given index. The Extract function, a member of the Extractor class shown further down, uses it like this:
    ' Member of Public Class Extractor. The original signature also took an unused
    ' form reference (ByVal sender As frmTagExtractor); it is dropped here.
    ' Integer is used for positions because String.Remove and InStr work with Integer.
    Public Function Extract(ByVal srctext As String) As String
        Dim Counter As Integer = 0
        Dim CloserPosition As Integer
        Dim length As Integer
        Dim srcLength As Integer = Len(srctext) - 1   ' last valid 0-based index

        Do While Counter <= srcLength
            If srctext.Chars(Counter) = "<"c Then
                CloserPosition = FoundOpener(srctext, Counter)
                length = CalculateLength(Counter, CloserPosition)
                srctext = srctext.Remove(Counter, length)
                srcLength = Len(srctext) - 1
                ' Stay on the same index: the character that moved into this
                ' position has not been examined yet (it may be another "<").
                Counter -= 1
            End If
            Counter += 1
        Loop

        Return srctext
    End Function
InStr is a built-in VB.NET function that finds one string inside another; note that it takes and returns 1-based positions, and returns 0 when nothing is found:
    Public Class Extractor

        ' Returns the 1-based position of the ">" that closes the tag opened at the
        ' 0-based index Position. Because InStr is 1-based, starting at Position + 1
        ' begins the search at the "<" itself. If no ">" exists the tag is unclosed
        ' and the length of the text is returned, so everything from the "<" to the
        ' end of the text is removed.
        Private Function FoundOpener(ByVal text As String, _
                                     ByVal Position As Integer) As Integer
            Dim CloserPosition As Integer
            CloserPosition = InStr(Position + 1, text, ">", CompareMethod.Binary)
            If CloserPosition = 0 Then
                CloserPosition = Len(text)
            End If
            Return CloserPosition
        End Function

        ' Number of characters to remove. The 1-based closer position minus the
        ' 0-based opener index is exactly the tag length including both brackets
        ' ("<center>" gives 8).
        Private Function CalculateLength(ByVal start As Integer, _
                                         ByVal final As Integer) As Integer
            Return Math.Abs(final - start)
        End Function

    End Class
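To see where this technique holds up and where it loses data, here is an added example (not part of the attached code) that runs the same stripping algorithm, condensed into a single routine with the hypothetical name StripTags, over a few constructed inputs and prints, beside each result, what the same text looks like when it is instead HTML-encoded at display time with HttpUtility.HtmlEncode from System.Web (add a reference to System.Web.dll in a console project). The unclosed "<" in the third input shows the truncation caveat, the fourth shows that a stray ">" survives, and the fifth shows that entity-encoded text is not touched by the stripper at all.

```vb
Imports System
Imports System.Web   ' HttpUtility.HtmlEncode

Module TagStripDemo

    ' Same algorithm as the Extractor class above, folded into one routine
    ' (hypothetical name) so this module runs on its own.
    Private Function StripTags(ByVal text As String) As String
        Dim i As Integer = 0
        Do While i < text.Length
            If text.Chars(i) = "<"c Then
                ' InStr is 1-based, so i + 1 starts the search at the "<" itself.
                Dim closer As Integer = InStr(i + 1, text, ">", CompareMethod.Binary)
                If closer = 0 Then closer = text.Length   ' unclosed: drop to the end
                ' closer (1-based) minus i (0-based) = tag length incl. both brackets.
                text = text.Remove(i, closer - i)
                ' Do not advance: the character now at i has not been examined.
            Else
                i += 1
            End If
        Loop
        Return text
    End Function

    Sub Main()
        ' Constructed sample inputs (not real user data)
        Dim samples() As String = { _
            "<b>HisName</b>", _
            "<script>alert(document.cookie)</script>Bob", _
            "Price: 5 < 10 and 10 > 5", _
            "<<b>bold</b>>", _
            "&lt;b&gt;encoded&lt;/b&gt;" }

        Dim s As String
        For Each s In samples
            Console.WriteLine("input   : " & s)
            Console.WriteLine("stripped: " & StripTags(s))
            Console.WriteLine("encoded : " & HttpUtility.HtmlEncode(s))
            Console.WriteLine()
        Next
    End Sub

End Module
```

Tracing the third input: the "<" at index 9 has its next ">" at 1-based position 22, so Remove(9, 13) deletes " 10 and 10 >" and the stored value becomes "Price: 5  5". The encoded form, "Price: 5 &lt; 10 and 10 &gt; 5", keeps the user's text intact and still renders harmlessly, which is why encoding on output is the usual choice when the field must accept arbitrary characters.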
Please tell me if you have any suggestions concerning this technique or if you have another way to handle such a case.