
Thread: [RESOLVED] Sanitizing comments field

  1. #1

    abhijit (Thread Starter, PowerPoster)
    Join Date: Jun 1999 | Location: Chit Chat Forum. | Posts: 3,226

    [RESOLVED] Sanitizing comments field

    I call a method in a library which needs to receive XML. One of the fields in this XML is called "usercomments" where the user can enter free form text from the front-end. Some of our users have figured out a way of crashing the system.
    When certain hexadecimal characters make their way to the database, the method in the library fails.

    This is the kind of error that I receive when the field is passed to the XML Parser.
    Code:
    System.ArgumentException occurred
      Message='', hexadecimal value 0x13, is an invalid character.
      Source=System.Xml
      StackTrace:
           at System.Xml.XmlEncodedRawTextWriter.InvalidXmlChar(Int32 ch, Char* pDst, Boolean entitize)
           at System.Xml.XmlEncodedRawTextWriter.WriteElementTextBlock(Char* pSrc, Char* pSrcEnd)
           at System.Xml.XmlEncodedRawTextWriter.WriteString(String text)
           at System.Xml.XmlEncodedRawTextWriterIndent.WriteString(String text)
           at System.Xml.XmlWellFormedWriter.WriteString(String text)
           at System.Xml.XmlWriter.WriteElementString(String localName, String ns, String value)
           at System.Xml.XmlWriter.WriteElementString(String localName, String value)
           at Ax.Frameworks.BOF.VOBase.WriteXMLElement(gt db, XmlWriter xmlWriter, bz dbFldInfos, a0 p, Type type, BOFDbTblAttribute dbTbl, Boolean excludeKeyFields)
           at Ax.Frameworks.BOF.VOBase.ToXML(gt db, XmlWriter xmlWriter, Boolean excludeKeyFields)
           at Ax.Frameworks.BOF.VOBaseCollection.ToXML(gt db, XmlWriter xmlWriter, Boolean excludeKeyFields)
           at Ax.Frameworks.BOF.VOBase.WriteXMLElement(gt db, XmlWriter xmlWriter, bz dbFldInfos, a0 p, Type type, BOFDbTblAttribute dbTbl, Boolean excludeKeyFields)
           at Ax.Frameworks.BOF.VOBase.ToXML(gt db, XmlWriter xmlWriter, Boolean excludeKeyFields)
           at Ax.Frameworks.BOF.VOBase.ToXML(gt db, XmlWriter xmlWriter)
           at Ax.Frameworks.BOF.VOBase.ToXML(Boolean includeEncoding)
           at Ax.Frameworks.BOF.VOBase.ToXML()
           at AxPartyClass.AxPartyC.SetPartyContainer(String iPartyType) in PartyC.cs:line 233
      InnerException:

    Is there some kind of method in C# that will sanitize this and remove all the invalid hexadecimal characters from the text fields, so that I can do a cleanup of the comments field?

    By invalid hexadecimal characters, I mean those characters which the XML parser won't be able to parse. I don't have a list of which characters break the library and which don't.
    Everything that has a computer in will fail. Everything in your life, from a watch to a car to, you know, a radio, to an iPhone, it will fail if it has a computer in it. They should kill the people who made those things.- 'Woz'

  2. #2
    techgnome (Smooth Moperator)
    Join Date: May 2002 | Posts: 34,537

    Re: Sanitizing comments field

    Can you pass it through as CDATA rather than the value of a node?

    -tg
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.*
    * I also don't respond to friend requests. Save a few bits and don't bother. I'll just end up rejecting anyways.*

  3. #3

    abhijit (Thread Starter, PowerPoster)
    Join Date: Jun 1999 | Location: Chit Chat Forum. | Posts: 3,226

    Re: Sanitizing comments field

    CDATA is not a possibility for now, but I did find something online that I can use.

    You can clean up your XML using a function like this.
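    Code:
    // Requires: using System.Text;
    public static string XmlCharacterWhitelist(string inString)
    {
        if (inString == null) return null;

        var sbOutput = new StringBuilder();

        foreach (var ch in inString)
        {
            // Keep only UTF-16 code units in the XML 1.0 character ranges.
            // Surrogates (0xD800-0xDFFF) fall outside them, so characters
            // above U+FFFF are removed as well.
            if ((ch >= 0x0020 && ch <= 0xD7FF) ||
                (ch >= 0xE000 && ch <= 0xFFFD) ||
                ch == 0x0009 ||
                ch == 0x000A ||
                ch == 0x000D)
            {
                sbOutput.Append(ch);
            }
        }
        return sbOutput.ToString();
    }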
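A surrogate-aware variant of the filter posted above, as an added example that is not part of the original thread. It uses the framework's `XmlConvert.IsXmlChar` and `XmlConvert.IsXmlSurrogatePair` (.NET 4.0 and later) so that characters above U+FFFF survive, then shows the raw and the cleaned text going through `XmlWriter.WriteElementString`, the call that fails in the stack trace. The names `XmlTextSanitizer`, `StripInvalidXmlChars` and `ToXml` and the sample comment text are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Text;
using System.Xml;

static class XmlTextSanitizer   // hypothetical helper class, not from the thread
{
    // Keeps every character XML 1.0 allows, including valid surrogate pairs
    // (characters above U+FFFF), and drops everything else.
    public static string StripInvalidXmlChars(string input)
    {
        if (input == null) return null;
        var sb = new StringBuilder(input.Length);
        for (int i = 0; i < input.Length; i++)
        {
            char c = input[i];
            if (XmlConvert.IsXmlChar(c))
            {
                sb.Append(c);
            }
            else if (i + 1 < input.Length && char.IsHighSurrogate(c)
                     && XmlConvert.IsXmlSurrogatePair(input[i + 1], c))
            {
                sb.Append(c).Append(input[++i]);   // keep the pair together
            }
            // else: control character, lone surrogate, U+FFFE or U+FFFF: dropped
        }
        return sb.ToString();
    }

    // Writes the text the same way the failing library call does.
    static string ToXml(string comment)
    {
        var sw = new StringWriter();
        using (var w = XmlWriter.Create(sw, new XmlWriterSettings { OmitXmlDeclaration = true }))
            w.WriteElementString("usercomments", comment);
        return sw.ToString();
    }

    static void Main()
    {
        // Constructed sample: a U+0013 control character plus an emoji (surrogate pair).
        string raw = "late delivery\u0013 \U0001F600";
        try { ToXml(raw); }
        catch (ArgumentException ex) { Console.WriteLine("raw input rejected: " + ex.Message); }
        Console.WriteLine(ToXml(StripInvalidXmlChars(raw)));
    }
}
```

Run the filter on input before it is stored as well as before serialization, so values already in the database and new submissions are both covered.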
