I want to add a textarea field to my website where users can paste a whole script into it and save it.
What I’m worried about is users trying to inject other code into the field.
This is how the script would look (the ID and hex values would change, but nothing else):
<script type="text/javascript">
var advertvars_vars = {
pubid: '00000000000', // publisher id
bgcolor: '804296', // background color (hex)
text: 'FFFFFF', // font-color (hex)
test: true
};
</script>
<script type="text/javascript" src="http://mysite.com/static/ad.js"></script>
My question is: is there any way of validating that the user is pasting valid code as above?
This is calling for trouble. No matter how thoroughly you validate, someone will come up with a way to inject something evil in the textbox. Never, ever, eval() or otherwise run something coming from user input directly. Just add a form where the user can type the values for pubid, color, etc., validate them, and then assemble the JavaScript chunk yourself.
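One way to do what the answer suggests, as an added example that is not code from the question or the answer: take the three values from ordinary form fields, accept only an 11-digit id and six-digit hex colours, and build the snippet from a fixed template so the user never supplies any script text. The field names, the 11-digit length and the Node.js setting are assumptions taken from the sample.

```javascript
// Added example: server-side validation of the ad fields, then assembling the
// snippet from a fixed template (assumed to run in Node.js; names are assumptions).

const SCRIPT_SRC = "http://mysite.com/static/ad.js"; // fixed, taken from the sample

const PUBID_RE = /^[0-9]{11}$/;     // 11 digits, as in the sample '00000000000'
const HEX_RE = /^[0-9A-Fa-f]{6}$/;  // six hex digits, no '#' and nothing else

// Returns { ok: true, values } with only the validated values, or { ok: false, errors }.
function validateAdFields(fields) {
  const errors = [];
  const pubid = String(fields.pubid ?? "");
  const bgcolor = String(fields.bgcolor ?? "");
  const text = String(fields.text ?? "");
  if (!PUBID_RE.test(pubid)) errors.push("pubid must be exactly 11 digits");
  if (!HEX_RE.test(bgcolor)) errors.push("bgcolor must be six hex digits");
  if (!HEX_RE.test(text)) errors.push("text must be six hex digits");
  if (errors.length > 0) return { ok: false, errors };
  // Only whitelisted values survive; any extra fields the client sent are dropped.
  return {
    ok: true,
    values: { pubid, bgcolor: bgcolor.toUpperCase(), text: text.toUpperCase() },
  };
}

// Builds the snippet from the sample's template. Because every interpolated value
// matches [0-9A-F]+, none of them can close the quotes or the script element.
function buildAdSnippet(fields) {
  const result = validateAdFields(fields);
  if (!result.ok) throw new Error("invalid ad fields: " + result.errors.join("; "));
  const v = result.values;
  return [
    '<script type="text/javascript">',
    "var advertvars_vars = {",
    `pubid: '${v.pubid}', // publisher id`,
    `bgcolor: '${v.bgcolor}', // background color (hex)`,
    `text: '${v.text}', // font-color (hex)`,
    "test: true",
    "};",
    "</script>",
    `<script type="text/javascript" src="${SCRIPT_SRC}"></script>`,
  ].join("\n");
}
```

The stored record should be the validated values, not the assembled HTML, so the template can be changed later without re-validating old submissions.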