SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Enthusiast Pramit's Avatar
    Join Date
    Feb 2007
    Posts
    55
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question how can i block html codes in text box?

    I want to stop users running html tags and javascripts in my text box. How can I do this?

  2. #2
    CSS & JS/DOM Adept bronze trophy
    Join Date
    Mar 2005
    Location
    USA
    Posts
    5,482
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This is something you should do with whatever server-side language you are using.

    Remove anything that starts with javascript: and convert < and > to &lt; and &gt;, respectively.
    We miss you, Dan Schulz.
    Learn CSS. | X/HTML Validator | CSS validator
    Dynamic Site Solutions
    Code for Firefox, Chrome, Safari, & Opera, then add fixes for IE, not vice versa.

  3. #3
    SitePoint Wizard
    Join Date
    Mar 2001
    Posts
    3,537
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    A hacker can disable javascript to prevent a script from checking the input. However, it's still worth having such a script to avoid a round trip to the server when the user has js enabled. If any of those symbols are found, you can cancel the submit by returning false from the onsubmit function. But as Kravvitz correctly points out, you still have to check the input on the server side to guard against hackers who disable js and enter prohibited text.

  4. #4
    CSS & JS/DOM Adept bronze trophy
    Join Date
    Mar 2005
    Location
    USA
    Posts
    5,482
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    7stud, by "hackers" I think you mean "crackers" (black-hat hackers). Being a hacker or a cracker has nothing to do with turning JavaScript off. There are many reasons to turn it off.

    I use Firefox's NoScript extension which blocks JavaScript (which I write scripts in on a regular basis) and Flash except for domains that I specifically allow.
    We miss you, Dan Schulz.
    Learn CSS. | X/HTML Validator | CSS validator
    Dynamic Site Solutions
    Code for Firefox, Chrome, Safari, & Opera, then add fixes for IE, not vice versa.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •