I have a form and as of right now, you can type any javascript, etc. you want. Any XSS, etc.
How do I go about creating a whitelist so you can only post characters?
At some point I would like anything that starts with http:// to be converted to
<a href="http://..."></a>
Thanks
Is this efficient?
http://htmlpurifier.org/
Well, no, you can’t do that, you see? Because even if you ‘sanitize’ your data using javascript, no one’s stopping anyone from
In other words, you have to perform the validation/sanitization on the server side. Javascript validation is there to enhance the experience of your users (by providing instant feedback on invalid input, for example).
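To make the server-side point concrete, here is an added example (not code from either poster, and not HTML Purifier) of the two things asked for in the question: a character whitelist that rejects anything outside an allowed set, and a linkifier that turns `http://` and `https://` text into anchors while HTML-escaping everything else. The whitelist contents, the URL character set, the `rel` attribute on the anchor and the sample posts are all assumptions chosen for the example; the only library used is Python's standard `html` and `re`.

```python
import html
import re

# Constructed whitelist: letters, digits, whitespace and a small set of
# punctuation. Input outside this set is rejected, not "cleaned", so the
# stored value only ever contains characters we chose to allow. Note that
# '<' and '>' are deliberately absent.
ALLOWED = re.compile(r"[A-Za-z0-9\s.,;:!?'\"()/_@#%&=+~*$-]*")

# Constructed URL pattern: http:// or https:// followed by characters that
# are safe inside an href once escaped. The scheme is fixed, so a value such
# as javascript:... can never become a link.
URL = re.compile(r"https?://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+")

# Punctuation that is more likely to end the sentence than be part of the URL.
TRAILING = ".,;:!?"


def is_allowed(text: str) -> bool:
    """Server-side whitelist check: True only if every character is allowed."""
    return ALLOWED.fullmatch(text) is not None


def linkify(text: str) -> str:
    """HTML-escape the text and wrap each URL in an <a href="..."> element.

    Escaping happens on the plain-text segments and on the URL itself, so
    quotes or ampersands in a post can never break out of the attribute.
    """
    out = []
    pos = 0
    for m in URL.finditer(text):
        url = m.group(0)
        trail = ""
        # Move sentence punctuation from the end of the URL back into plain text.
        while url and url[-1] in TRAILING:
            trail = url[-1] + trail
            url = url[:-1]
        out.append(html.escape(text[pos:m.start()]))
        safe = html.escape(url, quote=True)   # quote=True also escapes " and '
        out.append(f'<a href="{safe}" rel="nofollow noopener">{safe}</a>')
        out.append(html.escape(trail))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


def sanitize_post(text: str) -> str:
    """Validate on the server, then render. Raises ValueError on bad input."""
    if not is_allowed(text):
        raise ValueError("post contains characters outside the whitelist")
    return linkify(text)


if __name__ == "__main__":
    # Constructed sample posts.
    print(sanitize_post("see http://example.com/a?b=1&c=2, ok"))
    print(sanitize_post('Tom & Jerry say "hi"'))
    try:
        sanitize_post("<script>alert(1)</script>")
    except ValueError as e:
        print("rejected:", e)
```

The check runs on the server on every request regardless of what the browser did, which is the reply's point; client-side validation can be kept purely for user feedback. Because the link text and `href` are both escaped and the scheme is forced to `http`/`https`, a post that tries to close the quote (`http://x.com/" onmouseover="...`) just renders as literal text after the link.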