In general the web application would not allow the special characters when posting the data to server to avoid injections.
There are two ways we can handle the scenario
1) Don’t allow special characters : Provide user friendly message to the user. And this might be annoying to client sometimes it is required to enter special characters.
2) Allow the special characters: Let allow the special characters and handle it using data scrubbing. Use proper encoding and decoding techniques to handle special characters.
In ASP.net MVC , we have to decorate “AllowHtml” for a property requires a HTML. So that asp.net will handle it.
No comments:
Post a Comment