public static string TruncateLongString(this string str, int maxLength) { if…

Question

0

Asked: May 15, 20262026-05-15T17:55:55+00:00 2026-05-15T17:55:55+00:00

is there a way that I could automatically format the input box via Javascript

0

is there a way that I could automatically format the input box via Javascript that prevents XSS before the user tries to click on the submit button?

like for instance, after a user types a script attack on a textbox, the javascript automatically formats the value within the textbox to a safe format.

btw, i’m not just relying on this procedure to prevent XSS, its just that our client base have phrases that triggers the ASP.Net to consider it as a XSS. here’s the exact example:

the phrase: OMY G<W TUBE/OVARY will trigger the page to consider this as XSS while OMY G< W TUBE/OVARY isn’t considered as a potential risk.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-15T17:55:55+00:00

Not hard, assuming that you can figure out exactly what triggers the ASP.Net XSS filter. For example, this will fix your shown case:

<form id="form" onsubmit="fix()">
    <input id="textbox" />
    <input type="submit" />
</form>
<script>
    function fix() {
        var t = document.getElementById('textbox');
        t.value = t.value.replace(/<(\w)/, '< $1');
    }
</script>

Please understand that this “solution” will NOT prevent XSS attacks in any way whatsoever, or validate the input in any way. XSS attacks can ONLY be prevented server-side.

How to approach applying for a job at a company ...

How to handle personal stress caused by utterly incompetent and ...

What is a programmer’s life like?

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions