.NET Tutorials, Forums, Interview Questions And Answers

Disadvantages of HTML injection?

Posted By:      Posted Date: April 10, 2011    Points: 0   Category :ADO.Net



I've created several web pages that make use of HTML injection. That means a script on a web page calls a web service, gets HTML code returned, and then injects the HTML code into a div somewhere.

This solution avoids postbacks, returns data faster back to the end-user and creates a more smooth web experience.

But what are the downsides of HTML injection? The only thing I can think of is that code maintenance gets harder as the project gets larger.

Thanks for your thoughts.


Kind regards,



More Related Resource Links

Workaround for HTML header injection attack in ASP.NET?


Hi All,

On our site we are running the IBM APP SCAN Tool, and that tool is reporting one problem, which is HTML Header injection. So, how can we fix this problem? If anybody has faced this problem, let me know.


Burepalli V  S Rao.

ASP.NET, HTML, JavaScript Snippet Support (VS 2010 and .NET 4.0 Series)

This post covers another useful improvement in VS 2010 - HTML/ASP.NET/JavaScript snippet support. Snippets allow you to be more productive within source view by allowing you to create chunks of code and markup that you can quickly apply and use in your application with a minimum of character typing.

Visual Studio has supported the concept of "snippets" for VB and C# in previous releases - but not for HTML, ASP.NET markup and JavaScript. With VS 2010 we now support snippets for these content types as well.

SQL Injection Walkthrough / Tutorial

SQL Injection is a trick to inject an SQL query/command as input, possibly via web pages. Many web pages take parameters from the web user and make an SQL query to the database. Take for instance a user login: the web page takes the user name and password and makes an SQL query to the database to check whether the user has a valid name and password. With SQL Injection, it is possible for us to send a crafted user name and/or password field that will change the SQL query and thus grant us something else.

Maintain HTML Radio Button Selection Inside GridView After Postback

A long time ago I wrote an article about getting the value of the selected RadioButtons inside the GridView control. The code did not address the postback issue, which means that the selected radio button was cleared after the postback occurred.

Rendering ASP.NET Script References into the Html Header

One thing that I've come to appreciate in control development in ASP.NET that use JavaScript is the ability to have more control over script and script include placement than ASP.NET provides natively. Specifically in ASP.NET you can use either the ClientScriptManager or ScriptManager to embed scripts and script references into pages via code.

Getting value of Html.TextBoxFor(m => m.name)


Hi All,

I am new to ASP.NET MVC 2. I am unable to get the value for Html.TextBoxFor(m => m.name) in the view. I can get this value in the Controller.

How to get this value in view.

Please help.

Embed Youtube inside Ajax Html Editor- problem



When inserting a simple embed of youtube inside the ajax editor, on firefox and chrome problems occur. On the other hand on internet explorer 8 everything works fine. I found this solution http://www.nopcommerce.com/boards/t/4228/bug-in-ajax-html-editor.aspx . 

My question is where do I find the DesignPanel.pre.js ?


Roderick Vella

Re-positioning an HTML container with javascript onresize with a Master page.


I have an HTML <div> container that I float to the right of a gridview.  When the browser window is maximized, it looks fine.  When minimized, the gridview positions below the floating container and most of the data is pushed off the bottom of the browser - you have to scroll down to see it.

If I position the floating container above the gridview it looks fine in a minimized window, but looks real bad when maximized.

What I want to do is use a javascript: onresize event to re-position the floating container up or down depending on the window.inner.width AND do it with a Master/Content page structure AND do it for only the one page where needed.

I can capture the onresize event and display the window dimensions but haven't figured-out how to do it with a Content page that still uses the Master page.  I think I'm having a very "thick" week...

- Tinker


adding a url to html img


I am having an html img tag in which the user is being shown images. However I now want to open a url when the user clicks my img. 
What do I need to do to be able to achieve this? 

VS 2010 HTML validation "in CSS" option - where the hell is it?


In VS 2008 there is a very useful feature of background HTML validation - it checks if CSS class name is valid i.e. it exists in one of the linked css files. But VS 2010 Express does not do that any more. And the relevant setting in Options->Text Editor->HTML->Validation->in CSS is not there. Ok, maybe they made it paid for option? VS 2010 Professional? Not there. Or maybe VS 2010 Ultimate? Not a trace.

1. am I blind?

2. they decided it is too convenient to use and removed it?

3. they will "introduce" it in SP1?

What is going on? That one thing made me move back to VS 2008 web developer.


VWD rearranging HTML


Hey guys,

Have been using VWD for a while now but VWD2010 seems to have one really annoying habit. I'll write a whole load of HTML with server tags and when I save, not always but quite often, VWD will squash all tags together in a seemingly random arrangement, completely removing my formatting conventions that make it easy for me to read. All the tags are still in the right order and it makes no difference to how the page works, it just makes it really difficult to read quickly when scanning over it looking for a particular section.

For example:

        <asp:Panel ID="pnlConfirm" runat="server" Visible="false">
<asp:Table ID="tblConfBilling" runat="server">
<asp:Label ID="lblName" runat="server" Text="" />
<asp:Label ID="lblAddress" runat="server" Text="" />

Encoding and Decoding HTML



I stored in a database a ntext "<b>Hello</b>";

But when  I read it from the database I see <b>Hello</b> instead of Hello.

In the html source I see this: &lt;b&gt;Hello&lt;/b&gt;

Any Idea?


Html.PageLink not resolving ... any documentation?


Downloaded the code from here:


The Register.cshtml is having commented code which enables sending email to users for email verification.

This is the link not getting resolved properly in the email:

var confirmationLink = Html.PageLink("~\\Account\\Confirm", "click to Ccnfirm your Account.", new {token = token});

Mail.Send(email, "Confirm Your Security Demo Account", confirmationLink.ToString());

It is opening something like this: http://confirm/?token=tR9nWxnBPN34Kag

Note: I get the email but the link is not resolved properly.

Just for workaround and testing I did this and it worked:

var confirmationLink = "<a href='http://localhost:50620/Account/Confirm.cshtml?token=" + token.ToString() +"'> Please Confirm Your Account </a>";

If anyone can share some light on this Html.PageLink method and why is it not working?

Rendering data with HTML tags in the DD Gridview for a selected column


I am having trouble finding out where and how to HTML Encode a cell's data on the Dynamic Data (v4.0) gridview of List.aspx.  As a simple case, suppose I have formatted cell data that is A<br/>B in the DB.    Obviously, I want A stacked on B in the cell.

It seems gridView1.HtmlEncode = true has gone away.

So maybe I'll try to catch it on the RowDataBound event:

protected void GridView1_RowDataBound(Object sender, GridViewRowEventArgs e)
{
    if (e.Row.RowType == DataControlRowType.DataRow)
    {
        // Html Encode the cells
    }
}


but this event never fires?

Has anyone figured out how to properly render HTML tags data in the List.aspx's GridView1? 

If I figure this out, then I can add a MetaAttribute called something like [EncodeAsHtml(true)] and be on my way.  Thanks!

Architecture Advantages and Disadvantages


I have read online about the disadvantages and advantages of the different application architecture tiers. I try to use an n-tier architecture when I build my web applications, but also build 2-tier applications for quick push-out applications that do not require many forms or logic. I have not read anything dealing with the performance pros and cons of using a specific architecture over another. Wanted to see what members' opinions were and which is the best method to use, be it 2-tier, 3-tier or n-tier.

Html Link Button


Hi All,

I would like to create an HTML link button (in an aspx page) so that the page does not post back and some controls are displayed on clicking the link button.

Can any one of you help me regarding this issue?

Let me know if you have any queries.



How to Convert HTML to Image


Hi all,

I was struggling for the process/code to convert html to image. Please suggest any tutorials for this. And also any code help greatly appreciated.


thanks and regards,


