I am working on an application that involves the user clicking on a hyperlink to popup an outlook email template. I have the SendTo values, and the subject values.
How do I enter text into the body of the email?
In the hyperlink you can add the ?body= variable after the email address. Formatting the body will be a challenge because for symbols like spaces you have to use hex codes (space = %20, newline = %0D). I don't know what your design criteria are, but most of the time I prefer to create a form with the desired input fields and let .NET handle the sending of the e-mail message on the submit.
Are you searching for this?
...
Related
I am using the PasswordRecovery Control in my ASP.NET WebForms Application (C#), now the thing is, When we are using PasswordRecovery Control, we are forced to use Wizard Control, which means, if the user enters username correctly, it will then hide textbox and display success message (or whatever you put in SuccessTemplate).
Now, the issue is by this way, when Unauthorized user, tries to access the application, they can try this control to get the actual username from the application (security risk). So, if they try the wrong username, they will get the "UserNameFailureText" and if they will enter the proper username, they will see the next template (SuccessTemplate) which will show a success message (By this way, they can get that the entered username is available in the system or not), so I want to remove the wizard structure, in all scenario, the textbox with a username will stay on the screen, and no matter what user enters, he will see a generic message "if you have entered the correct username, you will receive an email" Like that.
If anyone has any idea whether it's possible in PasswordRecovery control, or should I have to build a custom Page?
PS: I have tried removing SuccessTemplate from the page, it will automatically take the default success template.
I don't see why you can't just create a page from scratch? All that text box will do is check if the user exists, send them the email, and display your message. There not a whole lot of reasons thus to use the built-in template.
So, a simple button re-set password can run some code behind, send the re-set email, and set a label or text box, or even some "div" as visible = true to display your message. You don't mention or note that authentication provider you are using - but given the built in templates - then that suggests FBA, and thus the tables that drive the site and hold user + passwords should be fully available to your code behind.
On the other hand, you might have to add some kind of password re-set table, and say include a GUID generated ID, and the datetime. That way, the link you send in the email is specific to the one user - and has a limited time before that link expires.
Or I suppose the link in the email just directs them to the new password page - but I tend to toss in a GUID that is checked against that new re-set table. With the guid, then when they click on their email link, you can display their name, and only prompt for the new password. The email link simply includes that GUID as a parameter, and you pull that one row from the re-set table to get who is about to re-set their password.
I was trying to manipulate the html code of the subject line like that:
I am subject#001
But the subject line can not HTML. Is there any other way I can hyperlink a word in the subject line?
No, you cannot.
HTML markup in mail headers is not supported by any email specification. Therefore, no, you cannot hyperlink a word in the subject line.
You cannot, put if you put a link in the subject (starting with http:// or https://), Outlook will show it as a link.
I have a requirement to have a link on a webpage that users can click on a link that will open a Microsoft Outlook window that has the To, Subject, and Body fields pre-populated with information pertinent to the request.
The Subject and Body Fields are covered, but I need to populate the To field with data that is generated in my C#. The easiest way that I know of to do this, would be able to create an asp hiddenField, and populate it with the e-mail addresses that I need separated by semicolons. The problem is that I don't know how to get the actual text of the field to show up in my href. The code below describes it:
Email
If there is a better way to accomplish this than through an asp hiddenField, please let me know. I'm new to web design programming, so my knowledge is limited. Thanks!
I'd use the Hyperlink-control if i want to access it on serverside.
<asp:HyperLink id="hyperlinkEmail" Text="Email" runat="server"/>
and in codebehind:
string href = string.Format("mailto:{0}?Subject={1}&Body={2}"
emailAddress, subject, body);
this.hyperlinkEmail.NavigateUrl = href;
I am using C# and ASP.net to write an e-mail and send using via Gmail.
Basically, the e-mail will contain a list of checkboxes that the person can check. After the check boxes will be some wort of 'Submit' button or link that will use Javascript to check which check boxes have been checked. They will then be redirected to a new page.
So far, I can successfully create the check boxes doing this:
message += #"<input type=""checkbox"" name=""vehicle"" value="" + i + ">Text</input>";
Where i is part of a for loop so each input has it's own unique number value.
I have been trying to do this:
message += #"<a onclick=""myFunction();"" href=""http://www.mysite.com"">Submit</a> ";
However 'myFunction()' is never called. In fact the 'onclick' portion of this HTML doesn't show up in my e-mail when I 'inspect element'. What I get is this:
Submit
My goal here is to have a link that would be modified by a javascript function to make it do something like this:
<a href="http://www.mysite.com&CheckedItems=123" >Submit</a>
Where '123' could be parsed later on by 'mysite'.
For security reasons, email clients will strip all script and most CSS from emails before displaying them.
You can't do that.
This is unreliable. Just find a better way to get people to come to your site through the email to fill out the form.
Reference: Is JavaScript supported in an email message?
I have a requirement that user can input HTML tags in the ASP.NET TextBox. The value of the textbox will be saved in the database and then we need to show it
on some other page what he had entered. SO to do so I set the ValidateRequest="false" on the Page directive.
Now the problem is that when user input somthing like :
<script> window.location = 'http://www.xyz.com'; </script>
Now its values saved in the database, but when I am showing its value in some other page It redirects me to "http://www.xyz.com" which is obvious
as the javascript catches it. But I need to find a solution as I need to show exactly what he had entered.
I am thinking of Server.HtmlEncode. Can you guide me to a direction for my requirement
Always always always encode the input from the user and then and only then persist in your database. You can achieve this easily by doing
Server.HtmlEncode(userinput)
Now, when it come time to display the content to the user decode the user input and put it on the screen:
Server.HtmlDecode(userinput)
You need to encode all of the input before you output it back to the user and you could consider implementing a whitelist based approach to what kind of HTML you allow a user to submit.
I suggest a whitelist approach because it's much easier to write rules to allow p,br,em,strong,a (for example) rather than to try and identify every kind of malicious input and blacklist them.
Possibly consider using something like MarkDown (as used on StackOverflow) instead of allowing plain HTML?
You need to escape some characters during generating the HTML: '<' -> <, '>' -> >, '&' -> &. This way you get displayed exactly what the user entered, otherwise the HTML parser would possibly recognize HTML tags and execute them.
Have you tried using HTMLEncode on all of your inputs? I personally use the Telerik RadEditor that escapes the characters before submitting them... that way the system doesn't barf on exceptions.
Here's an SO question along the same lines.
You should have a look at the HTML tags you do not want to support because of vulnerabilities as the one you described, such as
script
img
iframe
applet
object
embed
form, button, input
and replace the leading "<" by "& lt;".
Also replace < /body> and < /html>
HTML editors such as CKEditor allow you to require well-formed XHTML, and define tags to be excluded from input.