Lets say for example you have a text box with which you store certain text in a SharePoint List and while displaying the data to users, you make use of a label.
Now i add a script alert(“Hello”) in the text box and save it, the script will get saved
The same I view in a label, and BANG, script is executed.
This is a security threat, so we need to avoid this kind of situation.
Now in Asp.NET, we have something called as “validateRequest” which is by default set to false, if we set it to true, IIS will automatically block such scripts that are added through controls while submitting.
For more information please go through the following links
But for some reason this didnt work for me, so i used Regex as the solution.
/// Compiled regular expression for performance.
static Regex _htmlRegex = new Regex("<.*?>", RegexOptions.Compiled);
/// Remove HTML from string with compiled Regex.
public static string StripTagsRegexCompiled(string source)
return _htmlRegex.Replace(source, string.Empty);
Check below link for better understanding