Example #1
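        /// <summary>
        /// Screens the "src" attribute of a rendering node for a short list of disallowed HTML constructs.
        /// </summary>
        /// <remarks>
        /// This is a denylist: it rejects only the four tag prefixes tested below and a comment that is
        /// opened but never closed. A <c>true</c> result means "none of those were found", not that the
        /// markup is safe to render. If the attribute can come from anyone other than a trusted author,
        /// run an allow-list HTML sanitizer (or HTML-encode the value) before it reaches the page.
        /// </remarks>
        /// <param name="server">Server utility used to HTML-decode the attribute value.</param>
        /// <param name="renderingDocument">Node whose "src" attribute holds the HTML to check.</param>
        /// <returns>
        /// <c>false</c> when the attribute is missing or a disallowed construct is found; otherwise <c>true</c>.
        /// </returns>
        public static bool CodeCheck(System.Web.HttpServerUtility server, XmlNode renderingDocument)
        {
            // Fail closed: a node without a "src" attribute has nothing that can be approved.
            if (renderingDocument == null || renderingDocument.Attributes == null)
            {
                return false;
            }

            XmlAttribute srcAttribute = renderingDocument.Attributes["src"];
            if (srcAttribute == null)
            {
                return false;
            }

            // Decode exactly as GetWebControl does before rendering, so that the string being
            // checked is the string that will be emitted. The original replaced "'" with "'"
            // (a no-op); "&apos;" matches the decoding GetWebControl applies.
            string val = server.HtmlDecode(srcAttribute.Value.Replace("&apos;", "'"));
            if (val == null)
            {
                return false;
            }

            // Normalize for matching. ToLowerInvariant is required here: culture-sensitive lowering
            // can map an upper-case ASCII letter to a non-ASCII one under some cultures, and the
            // result would then no longer match the ASCII literals below.
            val = val.Replace(" ", "").ToLowerInvariant();

            // not allowed code
            if (val.Contains("<script") || val.Contains("<iframe") ||
                val.Contains("</body") || val.Contains("</html"))
            {
                return false;
            }

            // Reject a comment that is opened after the last "-->": it would swallow
            // whatever markup follows this fragment on the page.
            int commStart = val.LastIndexOf("<!--", System.StringComparison.Ordinal);
            if (commStart >= 0 && val.LastIndexOf("-->", System.StringComparison.Ordinal) < commStart)
            {
                return false;
            }

            return true;
        }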
Example #2
        /// <summary>
        /// Builds a <see cref="Label"/> that shows the HTML held in the node's "src" attribute,
        /// or a red error message when <c>StaticHtmlCode.CodeCheck</c> rejects it.
        /// </summary>
        /// <remarks>
        /// The decoded value is assigned to <c>Label.Text</c> as markup, without HTML encoding, so
        /// the <c>CodeCheck</c> call below is the only filter between the attribute and the page.
        /// </remarks>
        /// <param name="server">Server utility used to HTML-decode the attribute value.</param>
        /// <param name="renderingDocument">Node whose "src" attribute holds the HTML to show.</param>
        /// <returns>The populated label, with its z-index style set to 200.</returns>
        public Control GetWebControl(System.Web.HttpServerUtility server, XmlNode renderingDocument)
        {
            Label output = new Label();

            // Read the raw attribute, then undo the XML-level escaping of apostrophes and HTML entities.
            string rawSource = renderingDocument.Attributes["src"].Value;
            string html = server.HtmlDecode(rawSource.Replace("&apos;", "'"));

            // Emit the markup only when the check accepts it; otherwise show the fixed error text.
            bool accepted = StaticHtmlCode.CodeCheck(server, renderingDocument);
            output.Text = accepted
                ? html + "<br />"
                : "<font color='red'>*** Error: Invalid HTML Code ***</font><br />";

            output.Style.Add("z-index", "200");
            return output;
        }