How to validate that a string doesn’t contain HTML using C#

Performs any individual have a straightforward, efficient method of examining that a string does not include HTML? Generally, I would like to check out that particular areas just have clear text. I dealt with trying to find the < personality, yet that can conveniently be actually made use of in clear text.

you’re most likely going to have to specify what you suggest by “HTML” and “clear text”, for example: Will definitely you enable a person to put “<G>” in the simple content, which appears like a HTML aspect however isn’t, as well as also, what characters will you enable.

You could possibly guarantee clear text through inscribing the input making use of HttpUtility.HtmlEncode.

Actually, relying on exactly how meticulous you yearn for the inspection to become, you could utilize it to identify if the strand contains HTML:

One concern I found was actually that bare content ampersand and lower than personalities cause an XmlException and also indicate that the area has HTML (which mistakes). To fix this, the input strand passed in 1st necessities to possess the ampersands and much less than characters changed to their equivalent XHTML companies.

Really, aged design HTML that is actually certainly not properly formed XML will result in the XElement.Parse method to stop working. My technique assumes that the Parse system falling short means that the cord contains some form of HTML. I think my regulation really looks for any kind of tags.

Angle braces may not be your only difficulty. Various other personalities may additionally be actually likely unsafe script shot. Including the typical double hyphen “–“, which can likewise made use of in SQL injection. And there are actually others.

On an ASP.Net page, if validateRequest = true in machine.config, web.config or the page ordinance, the consumer will certainly obtain an inaccuracy page explaining “A possibly risky Request.Form value was located from the client” if an HTML tag or several other possible script-injection assaults are sensed. You perhaps intend to prevent this as well as give a more exquisite, less-scary UI experience.

You could assess for both the opening and closing tags <> making use of a routine articulation, and also allow the text message if simply one of them occcurs. Permit < or even >, however not < complied with through some content and after that >, because purchase.

You could enable slant braces as well as HtmlEncode the text to keep all of them when the data is actually continued to persist.

Presently I can adequately deliver an HTML e-mail with If you provided both a plain text viewpoint as properly as the HTML perspective, I saw that using a spam specialist such would offer a much better score. I decided to try to incorporate the alternating perspectives. My concerns is that if I try and also include a clear text scenery it seems to be to override the HTML Perspective. Listed below is the code that functions wonderfully alright for establishing my HTML merely sight:

I have actually attempted eliminating 1st showed code for the body system as well as specifying the body to vacant strand to ensure it just incorporates each of the alternative sights and also performed certainly not operate. I feel I covered all transformations of the code as well as still nothing at all. Like I claimed it works flawlessly for HTML only and also it teams up with html alternating viewpoint but not when adding the simple text message view.

You generate the clear text model first however you incorporate it after the HTML version. According to the reference below, the plain text message variation should arrive.

You might likewise observe in the code example that IsBodyHtml is actually established independently for each and every model: it is falsefor the plain content model and true for the HTML version.

Leave a Reply

Your email address will not be published. Required fields are marked *