Re: Datagrid security hole????

From: "Aaron Margosis [MS]"
Date: Sun, 7 Jul 2002 01:16:20 -0400

All user input must always be filtered and validated before being used.
Never insert unknown and unfiltered data directly into web pages, SQL
queries, or other command strings.

-- Aaron

"Marco Paci" wrote in message
> Hello all,
> I'm working on the development of an application used to collect
> requests of help from users of a service. Users insert a description of
> their problem in our database.
> To visualize the pending requests I wanna use a Datagrid. I noticed that
> someone store a javascript in the field for the description of the
> when I visualize the Datagrid the javascript is executed.
> I wanna keep this kind of user interface without giving up the use of the
> to render the data. Can anyone suggest a solution?
> I hope this problem will be discussed at length on this newsgroup because it
> seems to me the kind of behaviour that can too easily introduce threats in
> applications.
> Tia
> Marco Paci
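
The advice above applied to the grid in the question, as an added example that is not code from either poster: the description is validated when it is accepted and HTML-encoded at the point it is written into the table, so a stored script tag is displayed as text instead of running. The class name, the length limit and the sample rows are assumptions made for illustration; in an ASP.NET page the same encoding call would be applied to the description before it is placed in the grid cell.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text;

static class HelpRequestGrid   // hypothetical name, not from the thread
{
    const int MaxDescriptionLength = 2000;   // assumed limit

    // Input side: reject descriptions that are empty, oversized, or contain
    // control characters other than ordinary whitespace.
    public static bool IsValidDescription(string text)
    {
        if (string.IsNullOrWhiteSpace(text) || text.Length > MaxDescriptionLength)
            return false;
        foreach (char c in text)
            if (char.IsControl(c) && c != '\n' && c != '\r' && c != '\t')
                return false;
        return true;
    }

    // Output side: every stored value is HTML-encoded as it is written into
    // the page, so markup in the data is shown as text and never parsed.
    public static string RenderRows(IEnumerable<KeyValuePair<int, string>> rows)
    {
        var html = new StringBuilder("<table>\n");
        foreach (var row in rows)
            html.AppendFormat("<tr><td>{0}</td><td>{1}</td></tr>\n",
                              row.Key, WebUtility.HtmlEncode(row.Value));
        return html.Append("</table>").ToString();
    }

    static void Main()
    {
        // Constructed sample rows standing in for the database contents.
        var rows = new List<KeyValuePair<int, string>> {
            new KeyValuePair<int, string>(1, "Printer on floor 2 is offline"),
            new KeyValuePair<int, string>(2, "<script>alert('x')</script>"),
        };
        foreach (var row in rows)
            Console.WriteLine("row {0} passes input validation: {1}",
                              row.Key, IsValidDescription(row.Value));
        // Row 2 is rendered as &lt;script&gt;... and appears as literal text.
        Console.WriteLine(RenderRows(rows));
    }
}
```

Row 2 passes the input checks because it is ordinary text, so the encoding step at output is what keeps it from executing in the browser.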