PICS (Platform for Internet Content Selection) and P3P (Platform for Privacy Preferences) are two really nice things to be aware of when developing web applications. If your website targets children, maybe you sell toys, you should know about products like NetNanny that block access to certain websites based on a lot of parameters. Parents install these website blockers to protect their children and keep them from accessing websites containing violence, nudity etc.

That’s why the World Wide Web Consortium created PICS. You can then label your website with a set of codes that tell products like NetNanny about the content of your site. If you don’t label your website, you run the risk of being blocked by these kinds of products.

P3P is about securing the user’s privacy, and for web developers it’s about the permission to set cookies in the user’s browser. Well, that and other things which are not important right now. Internet Explorer 6.0 supports it very well, which makes it a no-brainer to implement, since it’s the world’s most used browser. You could risk that a user does not accept your cookies, and that could ruin his or her experience on your site. If you are about to create third-party cookies, you definitely need a P3P policy.

It is normally quite cumbersome to create P3P policy files and to create a PICS label from ICRA, but I’ve done it for you, so don’t look any longer. Just place this method in the global.asax file on your website and you're good to go.

Private Sub Global_BeginRequest(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.BeginRequest
  Response.AddHeader("P3P", "CP=""NOI DSP COR ADMa IVDa OUR NOR""")
  Response.AddHeader("Pics-Label", "(pics-1.1 ""http://www.icra.org/ratingsv02.html"" l gen true for ""http://" & Request.Url.Host & """ r (nz 1 vz 1 lz 1 oz 1 cz 1))")
End Sub

Remember, this is a quick fix – not the whole shebang, but it works. Enjoy.

A lot of websites allow users to input text and submit it to the site. This could be forums, blogs, content management systems etc. Imagine if the user writes HTML into these form fields. It could be perfectly harmless when used for styling, but it could also be used the wrong way.

A typical scenario would be when a user enters JavaScript that does harmful things or embeds a style sheet that ruins the website’s layout. This is normally referred to as Cross-Site Scripting (XSS).

We have to mitigate that risk, and that’s when regular expressions come to the rescue. Here is a very simple method that strips all HTML tags from a string or just the harmful tags – you decide. The method takes two parameters: the string that needs tag removal and a boolean flag that determines if harmless tags are allowed or not.

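public static string StripHtml(string html, bool allowHarmlessTags)
{
    // Nothing to strip from a null or empty string.
    if (string.IsNullOrEmpty(html))
        return string.Empty;

    // Remove only the listed tags (opening and closing, attributes included).
    // Text between the tags stays, and all other tags are left untouched.
    if (allowHarmlessTags)
        return System.Text.RegularExpressions.Regex.Replace(html, "</?(?i:script|embed|object|frameset|frame|iframe|meta|link|style)(.|\\n)*?>", string.Empty);

    // Remove everything that looks like a complete tag: '<' up to the next '>'.
    return System.Text.RegularExpressions.Regex.Replace(html, "<[^>]*>", string.Empty);
}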

You can add more harmful tags to the regular expression string if you'd like. Enjoy.
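
An added example, not code from the original post: it runs the two StripHtml patterns over three constructed inputs, reports what each mode leaves behind, and then HTML-encodes the result for output. The class name StripHtmlCheck and the StillActive helper are assumptions made for this illustration.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

public static class StripHtmlCheck
{
    // The two patterns used by StripHtml above.
    const string Blocklist = "</?(?i:script|embed|object|frameset|frame|iframe|meta|link|style)(.|\\n)*?>";
    const string AllTags = "<[^>]*>";

    public static string StripHtml(string html, bool allowHarmlessTags)
    {
        if (string.IsNullOrEmpty(html)) return string.Empty;
        return Regex.Replace(html, allowHarmlessTags ? Blocklist : AllTags, string.Empty);
    }

    // Hypothetical check (not from the post): does the text still contain a tag with an
    // inline event-handler attribute, or the start of a script tag?
    public static bool StillActive(string s)
    {
        return Regex.IsMatch(s, @"<[^>]*\son\w+\s*=|<\s*script", RegexOptions.IgnoreCase);
    }

    public static void Main()
    {
        // Constructed sample inputs, not taken from the post.
        string[] samples =
        {
            "<b>hi</b><script>alert(1)</script>",   // blocklisted tags: stripped in both modes
            "<img src=\"x\" onerror=\"alert(1)\">", // tag not on the blocklist, handler attribute
            "<script src=\"x.js\" "                 // no closing '>', so neither pattern matches
        };

        foreach (string input in samples)
        {
            string lenient = StripHtml(input, true);
            string strict = StripHtml(input, false);
            // Encoding at output time neutralises whatever the stripping step left behind.
            string encoded = WebUtility.HtmlEncode(strict);

            Console.WriteLine("input   : " + input);
            Console.WriteLine("lenient : " + lenient + "  active=" + StillActive(lenient));
            Console.WriteLine("strict  : " + strict + "  active=" + StillActive(strict));
            Console.WriteLine("encoded : " + encoded + "  active=" + StillActive(encoded));
            Console.WriteLine();
        }
    }
}
```

Whichever mode you strip with, encode the value when you write it into the page; the stripping step alone leaves the second input intact in lenient mode and the third in both modes.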
