Replace existing textbox in project with new one at runtime in asp.net

HI All,

I need your suggestions/idea on this.When we started the project,client said that we want to accept Potentially Dangerous HTML Tags(like img,script,link etc...) into textbox,and we save textbox value into database.

Now,Client want to allow these tags ,but 开发者_如何学运维want to save these values in encoded form(to avoid xss)

Now, I just wanted to know that is there any way in asp.net ,so that I can replace behavior of all the existing textboxes with new SafeTextbox with minimal changes(I don't want to add HtmlEncode or HtmlDecode to each textbox.)

For example

public class NewTextBox:TextBox
{
    public override string Text
    {
        get { return HttpUtility.HtmlDecode(base.Text); }
        set { base.Text = HttpUtility.HtmlEncode(value); }
    }

}

At runtime

ProjectTextBox replaces with NewTextBox

You could look into TagMapping in ASP.NET.

http://msdn.microsoft.com/en-us/library/ms164641(v=vs.100).aspx

The tagMapping element defines a collection of tag types that are remapped to other tag types at compile time. This remapping causes the mapped type to be used in place of the original tag type for all pages and controls in the ASP.NET application within the scope of the configuration file.

<pages>
  <tagMapping>
     <add tagType="System.Web.UI.WebControls.TextBox"
          mappedTagType="Yournamespace.NewTextBox" 
     />
  </tagMapping>

You can set ValidateRequests to true at page level or for all pages from web.config.

Not sure if this would help, but have you considered control adapters?

http://www.singingeels.com/Articles/How_To_Control_Adapters.aspx