Working with resource files (.resx) in Visual Studio 2002/2003/2005 is very easy and straightforward. A .resx file is a fairly simple XML file that can be used for a lot of things. Where I have used it the most is for localization of ASP.NET websites and Windows Forms applications. All though it can contain images and other file types, I have only used for storing strings.

At work, we are working with a localized ASP.NET application that has to be translated into several different languages. So we use .resx files for storing these languages. Us, the developers, do not do the actual translating our selves. Nor do we decide what to be written in the first place. That’s for the copywriters to decide and control.

The problem is that they do not have the means to control the text without going through one of the developers that can easily open the .resx file in Visual Studio and make the changes. The copywriters haven’t got Visual Studio installed and cannot open the .resx in Notepad to make the changes in the raw XML. It’s just too complicated. It would also be a bad idea to let them modify the XML document manually, because if they make a syntax error, the whole .resx file will be invalided and the website would throw a lot of exceptions.

So, I searched the web for an application designed for editing resource files. I wanted to find a simple and intuitive application, but I couldn't. Not even Scott Hanselman's ultimate list of tools offered me one.

That’s when I saw the light and decided to write my own little resource editor application. It is written entirely in C# 2.0 and is deployed as a ClickOnce application. It is a very simple app, which only does what it is supposed to do – edit resource files. No more, no less. The only added feature is a security lock down for the name column. This will prevent the copywriters from editing the name and deleting and adding rows. This can be turned on and off by checking the check box in the bottom left corner.

Give it to your copywriters and let them edit the text by them selves.

Download the Resource Editor application
Download the C# project

Enjoy.

A lot of websites allow users to input text and submit it to the site. This could be forums, blogs, content management systems etc. Imaging if the user writes HTML into these form fields? It could be perfectly harmless when used for styling, but it could also be used the wrong way.

A typical scenario would be when a user enters JavaScript that does harmful things or embedding a style sheet that ruins the websites layout. This is normally referred to as Cross-Site Scripting (XSS).

We have to mitigate that risk, and that’s when regular expression comes to the rescue. Here is a very simple method that strips all HTML tags from a string or just the harmful tags – you decide. The method takes two parameters: the string that needs tag removal and a boolean flag that determines if harmless tags are allowed or not.

public static string StripHtml(string html, bool allowHarmlessTags)
{
    if (html == null || html == string.Empty)
        return string.Empty;
        
    if (allowHarmlessTags)
        return System.Text.RegularExpressions.Regex.Replace(html, "</?(?i:script|embed|object|frameset|frame|iframe|meta|link|style)(.|\\n)*?>", string.Empty);

    return System.Text.RegularExpressions.Regex.Replace(html, "<[^>]*>", string.Empty);
}

You can add more harmful tags to the regular expression string if you'd like. Enjoy.

Try the demo