We would like to stop users inputing html or javascript in a text box.
We can just parse the input and check for angel brackets. Was wondering is there a better way to do this?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
We would like to stop users inputing html or javascript in a text box.
We can just parse the input and check for angel brackets. Was wondering is there a better way to do this?
I have found that replacing the angel brackets with encoded angel brackets solves most problems. Here is a reference for all the ways people can cross-site script. Making a regex to stop any flavor of HTML and or Script is damn near impossible.