I would only suggest that it be used within a Page directive (so that it only applies to a single page within your project):
<%@ Page validateRequest="false" %>
It's important to remember that if you are using this, you will need to be responsible for properly handling the encoding of your database values prior to them being stored within the database (to avoid possible XSS attacks etc.). This can easily be handled using the HttpUtility.HtmlEncode() method:
// Value to store in the database
string encodedHtml = HttpUtility.HtmlEncode(YourHtmlTextBox.Text);
Then, if you ever need to actually display this value, simply call the opposite method (HttpUtility.HtmlDecode()) to convert the encoded value back to HTML before it is displayed within your form.
If you didn't want to handle this process manually, I would recommend that you use one of the many available HTML editors that are offered within the .NET environment to handle this, such as the HTMLEditorExtender available through the AJAX Control Toolkit.
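How the encode-before-store step fits into a Web Forms page, as an added example that is not the answer's own code; the NoteEditor class, the NoteTextBox and NotePreview controls and the static field standing in for the database column are assumptions:

```csharp
using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

// Code-behind for one page whose .aspx carries <%@ Page validateRequest="false" %>.
// The class name, control names and the static field standing in for the database
// column are assumptions made for this example.
public partial class NoteEditor : Page
{
    protected TextBox NoteTextBox;   // multi-line TextBox declared in the .aspx
    protected Literal NotePreview;   // Literal declared in the .aspx

    // Stand-in for the database column that holds the encoded value.
    private static string _storedEncodedHtml = string.Empty;

    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
        {
            return;
        }

        // Loading the stored value back into the editor is where HtmlDecode belongs:
        // the TextBox control re-encodes its Text when it renders, so the user sees
        // and edits the original markup without the browser interpreting it.
        NoteTextBox.Text = HttpUtility.HtmlDecode(_storedEncodedHtml);

        // A Literal writes its Text to the response as-is, so it gets the encoded
        // form: "<script>" stored as "&lt;script&gt;" is shown as text, not executed.
        NotePreview.Text = _storedEncodedHtml;
    }

    protected void SaveButton_Click(object sender, EventArgs e)
    {
        // With request validation off, raw markup reaches the code-behind. Encode it
        // before it is persisted, as the answer recommends.
        _storedEncodedHtml = HttpUtility.HtmlEncode(NoteTextBox.Text);

        // Refresh the preview with the newly stored (encoded) value.
        NotePreview.Text = _storedEncodedHtml;
    }
}
```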