form button automatically disabling with specific characters in a textbox

I've got a .net form (c#), with a few textboxes and a simple button control that runs a save procedure on the backend that saves whatever is in the textboxes to the database. This is for an internal system with only trusted users using it. There is NO validation currently on any of the boxes.

The system works, but if any opening or closing tag characters ("<" or ">") are entered into any textbox on the page, the button automatically is disabled. You click on it and nothing happens (I went ahead and through a breakpoint on the save button to see if its even being fired at all, and no dice)

I'm assuming this is some sort of built-in mechanism in the webform to maybe prevent against sql injection attacks or something? Is there a way to disable it?

-- editing to add relevant code. Note that I'm not going into depth as to what the save button does, because its not firing in the first place. With no "<" or ">" in the textbox (txtText_Box1) it works fine with no issues.

<b>Title</b><br />
        <asp:TextBox ID="txtTitle_Box1" runat="server" Width="600px"></asp:TextBox><br /><br />
        <b>Text</b><br />
        <asp:TextBox ID="txtText_Box1" runat="server" Width="600px" TextMode="MultiLine" Rows="4"></asp:TextBox><br /><br />
        <b>Link To</b><br />
        <asp:TextBox ID="txtLink_Box1" runat="server" Width="600px" /><br /><br />
        <b>Link Text (always ends with >>)</b><br />
        <asp:TextBox ID="txtLinkText_Box1" runat="server" Width="600px" /><br /><br />
        <b>Image</b><br />
        <asp:Image id="imgBox4" runat="server" /><br /><br />
        <br /><br />
        <asp:Button ID="btnSave" runat="server" Text="Save Changes" CssClass="cssButton1" OnClick="btnSave_Click" />


     protected void btnSave_Click(object sender, EventArgs args)
    {

            string sTitle = string.Empty;
            string sText = string.Empty;
            string sURL = string.Empty;
            string sLinkText = string.Empty;

            sTitle = txtTitle_Box1.Text.ToString();
            sText = txtText_Box1.Text.ToString();
            sURL = txtLink_Box1.Text.ToString();
            sLinkText = txtLinkText_Box1.Text.ToString();

            ....

    }

2012-04-04 20:04
by optionsix

Is this a winform or is this a web app? Also I haven't heard of the <> characters disabling or breaking the code by default - CBRRacer 2012-04-04 20:08

Please post the markup and any relevant code if you can - Steve Danner 2012-04-04 20:11

web app, sorry for confusion. Will post code in a sec - optionsix 2012-04-04 20:29

Normally you would get a Request validation error when you enter illegal characters. Isn't there any Javascript used - Wouter de Kort 2012-04-04 20:57

out of curiosity why store the html markup for the anchor tag why not just store the link url and then render then when you call the url from a webpage populate the url into the src of the a tag? As to why this is happening I'm not sure because from what I have seen unless you specify text that is or is not allowed it should work fine. If the "<" or ">" is breaking the code it's from something else that is not default to asp.net pages - CBRRacer 2012-04-04 21:24

Honestly I had this drop in my lap and I'm running with it, I didn't code it from scratch. Was trying to get it operational with as little hassle as possible. I'm going to see if there's something else somewhere in the code that I'm not seeing. I've never had a button just disable itself before - optionsix 2012-04-04 22:10

After alot of trial and error, I narrowed it down to only one character which wonks the button. "<", every other character on the keyboard including the ones most prevalent in sql injection attacks work fine. I didn't really "fix" the problem, but I implemented a workaround and put in an escape character. "::" instead of "<". Seems extremely silly, and I still have no idea why this is happening, but it does get me past my issue. If anyone has a better idea I'll certainly ask to have this answer canceled and give full credit to you.

2012-04-06 13:58
by optionsix