Hi All,
How can I check if a string has any HTML content in it? Is there any inbuilt function available to do this validation?
Thanks,
KJ
Hello Karthik
I don't know. Maybe in Forge you can find something. The problem is that this requires "parsing" the string, and it would be a complex task.
If you are concerned about using user input as the source for an inline statement in a SQL tool, for example, you should use the EncodeSQL function if it is a simple value, or, if it is a list, you can use the BuildSafe_InClause... functions:
https://success.outsystems.com/Documentation/Best_Practices/Development/Building_Dynamic_SQL_Statements_the_Right_Way
Cheers.
Eduardo Jauch wrote:
Thanks Eduardo, I am trying to validate the text received in the API request. I want to block those requests which have HTML tags & a set of special characters. I thought of adding a validation in the API's OnRequest action to validate the request text. Is there any other way to validate all the input strings in an API request?
Thanks, KJ
To complement what Eduardo said, you can also use the EncodeHtml() built-in function or the SanitizeHTML() Sanitization extension module to prevent any malicious code passed into the string:
https://success.outsystems.com/Documentation/11/Reference/Errors_and_Warnings/Warnings/HTML_Injection_Warning
Best regards
If you want to do it on the server side, use the regex_search method with a regex to check for HTML tags. It will return true if the string contains any HTML tag.
Regex should be like this :
"<\s*([^ >]+)[^>]*>.*?<\s*/\s*\1\s*>"
or
"<(.|\n)*?>"
link: https://stackoverflow.com/questions/204646/how-to-validate-that-a-string-doesnt-contain-html-using-c-sharp
Or you can give these Forge components with regex a try; they will check the regex on the client side:
https://www.outsystems.com/forge/component-overview/6574/client-side-custom-regex-regular-expression-validations
https://www.outsystems.com/forge/component-overview/6578/regex-client-side-validation-sample
Abdul,
I think the Regex method will almost for sure give false positives... No?
Cheers!
Sorry, I didn't get it. Can you please elaborate? Do you want to say regex search will not work in this case?
What I know is we can check HTML tags with regex; I have done this when I was working with .NET/C#.
Please let me know if I missed something.
I am asking if this regex will not mark some "normal" text as if they were HTML tags. Like, not all text between < and > is an HTML tag...
Yes, you are right. If this is the case, then it will mark them as HTML tags.
I wanted to add that the following regex "(\<\w*)((\s\/\>)|(.*\<\/\w*\>))" will only return true if both the opening "<" and the closing "/>" tag are found.
Tested here: https://www.regextester.com/95818
Hum...
I would avoid trying to "validate" the text. I would just sanitize it, using the same techniques in the link I sent (or that Carlos provided), to just strip out anything that can make it look like it is HTML/JavaScript/SQL, and move on. Later, if the request was malicious, it will just fail...
Again, trying to identify things in the text will not be efficient, and will probably give false positives...
But this decision depends on your requirements... (and how your service handles "invalid" requests).
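The false positives discussed above, as an added example that is not part of any post in this thread: it runs the three regexes posted here over constructed sample strings and lists where each one disagrees with the ground truth, then shows the encode-on-output alternative. It assumes Python's `re` module in place of the platform's regex_search, and `html.escape` in the role of EncodeHtml(); the dictionary keys and function names are hypothetical.

```python
import html
import re

# The three patterns posted in the thread, unchanged.
PATTERNS = {
    "paired": r"<\s*([^ >]+)[^>]*>.*?<\s*/\s*\1\s*>",
    "any_angle": r"<(.|\n)*?>",
    "open_close": r"(\<\w*)((\s\/\>)|(.*\<\/\w*\>))",
}

# Constructed sample inputs: (text, is it really HTML markup?)
SAMPLES = [
    ("Total is 5 < 10 and 20 > 15", False),
    ("Use List<String> here", False),
    ("<b>bold</b>", True),
    ('<img src="logo.png">', True),
    ("<p>line one\nline two</p>", True),
]


def flags(text):
    """Return {pattern name: bool} for one input, one regex search per pattern."""
    return {name: re.search(rx, text) is not None for name, rx in PATTERNS.items()}


def misclassified(name):
    """Samples where the named pattern disagrees with the ground truth."""
    return [text for text, is_html in SAMPLES if flags(text)[name] != is_html]


def encode_for_output(text):
    """Neutralise markup at output time instead of rejecting the request."""
    return html.escape(text, quote=True)


if __name__ == "__main__":
    for name in PATTERNS:
        print(f"{name:10} wrong on: {misclassified(name)}")
    for text, _ in SAMPLES:
        print(repr(text), "->", repr(encode_for_output(text)))
```

The broad pattern flags ordinary comparisons and generic type names, while the two stricter patterns miss a tag with no closing pair and markup that spans a line break; encoding handles all five inputs without having to classify them.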
Karthik Jeyaraman wrote:
Hi,
Could be helpful,
https://www.outsystems.com/forums/discussion/33685/how-to-filter-html-tags-while-searching-for-an-alphabet/
https://www.outsystems.com/forge/component-overview/145/html-utils
Thanks