Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New to the CF scene
    Join Date
    Mar 2003
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question <script> enquiry

    I have a textarea which allow user to type in their text and at the same time convert all "<" to "(" so that <script> is not possible.

    My question is how secured is this method ? any better solution to it?

    thnks,

  • #2
    Regular Coder
    Join Date
    Jun 2002
    Posts
    338
    Thanks
    0
    Thanked 0 Times in 0 Posts
    This might be more secure (I don't know what method you are using).

    Code:
    var re = /\<script(.+|\n)\>/gi;
    var n = document.getElementById('myTextarea');
    n.value = n.value.replace(re, '(script $1)');
    After validating on the client-side, you should revalidate it on the server-side just to be sure.

    Hope that helps!

    Happy coding!
    Last edited by nolachrymose; 12-27-2003 at 03:56 PM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •