<... value=<%=value%>>
Becomes:
<... value="<%=value%>">
One thing you want to be careful of is embedded quotes. You might try using ' or " as the delimiter and disallowing the other in user input (using client-side validation of course; the value is destroyed before you'd be able to validate for it on the server side). If you have to allow both ' and ", you could consider using the rarely used "back-apostrophe" (`) as the delimiter. You can also try using Server.HTMLEncode() on the value before slipping it into the HTML element.
If you do this:
<... value='<%="foo's bar"%>'>
This evaluates to:
<... value='foo's bar'>
And everything after 'foo' is ignored, because the browser interprets that as the end of the string.
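The truncation described above, and the effect of encoding the value, as an added Python example (not code from the original page). Here html.escape stands in for Server.HTMLEncode() and html.parser stands in for the browser; the function names and sample strings are constructed for illustration.

```python
import html
from html.parser import HTMLParser


class _ValueGrabber(HTMLParser):
    """Records the attributes of the first <input> tag it parses."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = attrs


def render(value, style):
    """Build the tag the way each template variant on this page would."""
    if style == "unquoted":        # <... value=<%=value%>>
        return "<input value=" + value + ">"
    if style == "single":          # <... value='<%=value%>'>
        return "<input value='" + value + "'>"
    if style == "encoded":         # double quotes plus HTML encoding
        return '<input value="' + html.escape(value, quote=True) + '">'
    raise ValueError(style)


def parsed_attrs(markup):
    """Return the (name, value) pairs an HTML parser recovers from markup."""
    grabber = _ValueGrabber()
    grabber.feed(markup)
    grabber.close()
    return grabber.attrs or []


def seen_value(value, style):
    """Value of the 'value' attribute after a round trip through the parser."""
    return dict(parsed_attrs(render(value, style))).get("value")


if __name__ == "__main__":
    # Constructed sample inputs, one per template variant.
    for sample, style in [("John Smith", "unquoted"),
                          ("foo's bar", "single"),
                          ('foo\'s "bar"', "encoded")]:
        markup = render(sample, style)
        print(f"{style:9} {markup!r} -> {seen_value(sample, style)!r}")
```

The text that spills out of a truncated value is parsed as additional attributes on the element, so the same quoting mistake that loses data also lets submitted text alter the tag; encoding the value before output closes both problems.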
Solution:
; Logging Options
; Defines what classes of security alerts are logged to the syslog daemon.
; Logging of errors of the class S_MEMORY are always logged to syslog, no
; matter what this configuration says, because a corrupted heap could mean that
; the other logging options will malfunction during the logging process.
;suhosin.log.syslog =
; log in /var/log/messages
suhosin.log.syslog = 511
; Defines the maximum number of variables that may be registered through a POST
; request.
;suhosin.post.max_vars = 200
suhosin.post.max_vars = 1000
; Defines the maximum number of variables that may be registered through the
; COOKIE, the URL or through a POST request. This setting is also an upper
; limit for the variable origin specific configuration directives.
;suhosin.request.max_vars = 200
suhosin.request.max_vars = 1000
REFERENCES
http://classicasp.aspfaq.com/forms/why-does-my-input-type-text-value-get-truncated.html
http://www.frihost.com/forums/vt-104933.html