As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 9 years ago.
A user can enter HTML that will later be displayed to other users. The WYSIWYG plugin I'm using sanitizes the HTML from the front end. It removes all potentially malicious tags (script, src, anything starting with "on", etc.). I obviously need to do some validation in the back end as well.
Does anyone know of a good solution for C#? I keep seeing this http://roberto.open-lab.com/2010/03/04/a-html-sanitizer-for-c/, though I'm a little hesitant to use some code from a random blog. Are there any well known plugins? What do most people do in this situation?
You can use HtmlAgilityPack, which is a well-maintained library for all things related to HTML tags. A best practice would be to implement a White List, which is a list of allowable tags. This SO question might be exactly what you need:
HTML Agility Pack strip tags NOT IN whitelist
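An added example (not from the answer or the linked question) of the whitelist approach with HtmlAgilityPack, run on the server against whatever the client submits. The class name `WhitelistSanitizer` and the tag/attribute policy are assumptions chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using HtmlAgilityPack;
public static class WhitelistSanitizer
{
    private static readonly string[] None = new string[0];
    // Constructed policy (an assumption): allowed tag -> allowed attributes.
    private static readonly Dictionary<string, string[]> Allowed =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "p", None }, { "br", None }, { "b", None }, { "i", None },
            { "ul", None }, { "ol", None }, { "li", None },
            { "a", new[] { "href" } }
        };

    public static string Sanitize(string html)
    {
        var doc = new HtmlDocument();
        doc.LoadHtml(html ?? string.Empty);
        // Snapshot the nodes first: the tree is modified during the walk.
        foreach (var node in doc.DocumentNode.Descendants().ToList())
        {
            if (node.NodeType == HtmlNodeType.Comment) { node.Remove(); continue; }
            if (node.NodeType != HtmlNodeType.Element) continue;
            string[] allowedAttributes;
            if (!Allowed.TryGetValue(node.Name, out allowedAttributes))
            {
                node.Remove(); // unknown tag: drop it together with its subtree
                continue;
            }
            foreach (var attr in node.Attributes.ToList())
            {
                bool keep = allowedAttributes.Contains(attr.Name, StringComparer.OrdinalIgnoreCase)
                            && (attr.Name != "href" || IsSafeUrl(attr.Value));
                if (!keep) attr.Remove(); // drops on* handlers, style, src, unsafe links
            }
        }
        return doc.DocumentNode.OuterHtml;
    }

    // Accept only absolute http(s) links; relative URLs and other schemes are dropped.
    private static bool IsSafeUrl(string value)
    {
        Uri uri;
        return Uri.TryCreate(HtmlEntity.DeEntitize(value ?? "").Trim(), UriKind.Absolute, out uri)
               && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps);
    }
}
```

Because the policy lists what is allowed rather than what is forbidden, markup the list does not name is removed by default instead of having to be anticipated.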
Closed 9 years ago.
I'm asked to build a simple web site. Every page of this site is mainly text. I want them to be able to change all the text dynamically.
What is a better way:
1) To store all the text in database.
2) On text change replace existing aspx file with new one with changed text.
I would prefer a way where the changed pages will load faster on client side.
Given these requirements, your best solution is a CMS (content management system).
There are plenty of options for asp.net, like Umbraco, DotNetNuke etc.
Doing this by storing all the text in the database will be just like implementing a CMS. The second option is really really old school. You may as well put static html pages on the server in that case.
You should change text in the controller. Don't replace pages.
Closed 9 years ago.
Please give me regular expression formula to validate those fields. Unfortunately in this app I am unable to use JavaScript in .ascx/.aspx page. So can I use JavaScript to pop up a map to locate the address in code behind file? Or what should I do?
A regex for address is not functionally possible. Pretty much anything can be a valid address. The only way to ensure integrity there is via a call to a geo location service. https://developers.google.com/maps/documentation/geocoding/ But you cannot be sure that even that would not disallow potentially valid addresses.
As for what should you do "validate and locate me" it is easiest to do a form submission and corresponding page navigation: http://www.sitepoint.com/net-form-processing-basics/
Closed 10 years ago.
So far I understand that it's good practice to XML comment a class's methods but is there a standard for how much you should use XML comments?
Should I be using them to document field variables, properties & constructors or is that just overkill?
Had a look about the web but can't see any hard and fast rules for this sort of thing.
There are two reasons to use XML comments as opposed to plain English:
If the comments follow the correct format they will show up in IntelliSense, meaning when I use your class I can see that int a is supposed to be the count or whatever the same way I see helpful info when I'm using .NET methods.
If you use the XML formats Microsoft supports you can create html (or other formats of) documentation using SandCastle or similar third party utilities.
So, if you're taking the time to write comments, you may as well make them the XML ones that VS encourages.
Closed 10 years ago.
Smalltalk supports a syntax feature called "message cascades". Cascades are being adopted by the Dart Programming language.
As far as I know, C# doesn't support this. Were they ever considered during the design of the language? Is it conceivable that they could appear in a future version of the language?
In VB.Net there is the with keyword which I believe is used for this purpose (correct me if I'm wrong on this), however in C# they decided that it can often hurt readability and left it out (good in my opinion).
Some short details can be found at the below link, however the link to the Microsoft page is no longer working:
http://blogs.msdn.com/b/csharpfaq/archive/2004/03/11/why-doesn-t-c-have-vb-net-s-with-operator.aspx
Note: If anyone has the following link archived I would love to read it (as the link is not working):
http://msdn.microsoft.com/vcsharp/team/language/ask/withstatement/default.aspx
Closed 11 years ago.
I would like to be able to capture screenshots with C++ 'using a lot of compression', and/or more importantly 'uses very few system resources when capturing'. I have been looking for concise, well-written examples, and I think I have found a few. What I've found is that most of the examples are in C# and very few are in C++. I'm sure there's a somewhat simple/common answer, and it's foolish to ask. Why do people use C# instead of C++?
Why do people use C# instead of C++?
Because it's easier.
C++ gives you a lot of control over everything, and with that extra control comes extra responsibility and more work. If you just want to get something done quickly, using C# is usually sufficient.