My app doesn’t need to accept HTML as HTML but HTML as plain text and something that looks like markup may be entered.
Therefore unless I’m very mistaken I need to turn off page validation and to stop HTML from getting rendered I need to HTMLEncode somewhere.
Some data may be exported as CSV for use in none HTML rendering applications.
My plan was to HTMLEncode all input text either before being passed to the BLL or in the BLL itself, so HTMLEncoded strings are stored in the database.
I would then need to decode only when the data is being externally exported.
Is this the correct way? Or should I not encode any data until it is being pulled out of the database?
New FlickrFan feature★ BentoAmazon Offers Paid Web Database ServiceAmazon Web Services launches SimpleDB BetaA Friendly Reminder: Back Up Your Blog
April 10th, 2008 at 12:02 pm
This service offers instant access to Menu for high protein diet video.