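/// <summary>
/// Denylist screen for the raw HTML held in the rendering node's <c>src</c> attribute.
/// The value is entity-decoded, stripped of spaces and lower-cased, then rejected if it
/// contains a <c>&lt;script</c> or <c>&lt;iframe</c> opening tag, a <c>&lt;/body</c> or
/// <c>&lt;/html</c> closing tag, or an HTML comment that is opened but never closed.
/// </summary>
/// <remarks>
/// This is a denylist, not a sanitizer: only the four tag fragments above and an
/// unterminated comment are checked, so markup that carries script by other means
/// (inline event-handler attributes, other active elements) is not caught. The caller
/// emits content that passes this check verbatim, so when the rendering document can be
/// influenced by untrusted parties the snippet should go through an allow-list HTML
/// sanitizer first and this check treated as defence in depth.
/// </remarks>
/// <param name="server">Server utility used to HTML-decode the attribute value.</param>
/// <param name="renderingDocument">Node whose <c>src</c> attribute holds the HTML snippet.</param>
/// <returns>
/// <c>true</c> when none of the denied fragments is present; <c>false</c> when one is
/// found, when <paramref name="renderingDocument"/> is null, or when it carries no
/// <c>src</c> attribute (fail closed rather than throwing a <see cref="NullReferenceException"/>).
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="server"/> is null.</exception>
public static bool CodeCheck(System.Web.HttpServerUtility server, XmlNode renderingDocument)
{
    if (server == null)
    {
        throw new ArgumentNullException("server");
    }

    // Fail closed: a node with nothing to render is not "valid HTML", it is no HTML.
    if (renderingDocument == null || renderingDocument.Attributes == null)
    {
        return false;
    }
    XmlAttribute src = renderingDocument.Attributes["src"];
    if (src == null)
    {
        return false;
    }
    string val = src.Value;

    // Decode entities so that an encoded tag (&lt;script&gt;) is inspected as a tag.
    // NOTE(review): Replace("'", "'") is a no-op as written; it looks like an entity
    // replacement mangled in transit -- confirm against the checked-in source.
    val = server.HtmlDecode(val.Replace("'", "'"));

    // Normalise before matching. ToLowerInvariant rather than ToLower: under a Turkish
    // culture ToLower maps 'I' to dotless i, so "<SCRIPT" would no longer match "<script".
    val = val.Replace(" ", "").ToLowerInvariant();

    // Denied fragments. string.Contains(string) is an ordinal comparison.
    if (val.Contains("<script") ||
        val.Contains("<iframe") ||
        val.Contains("</body") ||
        val.Contains("</html"))
    {
        return false;
    }

    // Reject a comment that is opened after the last close marker, i.e. never closed
    // (presumably because an open comment would swallow the markup that follows it).
    // Ordinal comparison so culture rules cannot affect where the markers are found.
    int commStart = val.LastIndexOf("<!--", StringComparison.Ordinal);
    if (commStart >= 0 && val.LastIndexOf("-->", StringComparison.Ordinal) < commStart)
    {
        return false;
    }

    return true;
}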
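/// <summary>
/// Builds a <see cref="Label"/> whose text is the raw HTML held in the rendering node's
/// <c>src</c> attribute, followed by a line break, or a red error marker when that HTML
/// fails <c>StaticHtmlCode.CodeCheck</c>.
/// </summary>
/// <remarks>
/// The snippet is written to the label unencoded, so the only thing between the attribute
/// value and the rendered page is the denylist in <c>StaticHtmlCode.CodeCheck</c>. If the
/// rendering document can be influenced by untrusted parties, sanitize the snippet with an
/// allow-list HTML sanitizer before it reaches this method.
/// </remarks>
/// <param name="server">Server utility used to HTML-decode the attribute value.</param>
/// <param name="renderingDocument">Node whose <c>src</c> attribute holds the HTML snippet.</param>
/// <returns>A <see cref="Label"/> with the <c>z-index: 200</c> style applied.</returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
public Control GetWebControl(System.Web.HttpServerUtility server, XmlNode renderingDocument)
{
    if (server == null)
    {
        throw new ArgumentNullException("server");
    }
    if (renderingDocument == null)
    {
        throw new ArgumentNullException("renderingDocument");
    }

    Label lbl = new Label();
    XmlAttribute src = renderingDocument.Attributes == null
        ? null
        : renderingDocument.Attributes["src"];

    // A missing src attribute used to surface as a NullReferenceException; it now renders
    // the same error marker as rejected HTML.
    if (src != null && StaticHtmlCode.CodeCheck(server, renderingDocument))
    {
        // Decode the value from Xml. NOTE(review): Replace("'", "'") is a no-op as written
        // and looks like a mangled entity replacement -- confirm against the checked-in source.
        string val = server.HtmlDecode(src.Value.Replace("'", "'"));
        lbl.Text = val + "<br />";
    }
    else
    {
        lbl.Text = "<font color='red'>*** Error: Invalid HTML Code ***</font><br />";
    }

    lbl.Style.Add("z-index", "200");
    return lbl;
}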