  1. #1
    Regular Coder
    Join Date
    Oct 2009
    Thanked 3 Times in 3 Posts

    how to store javascript in DB, so it does not execute when 'code' is later displayed

    I have just found a bug in my code that allows members to add in some javascript to their profiles and this is being executed when their profiles are being viewed by other members.

    After doing a simple test like so myself, I see that the JS is being stored so it functions normally when viewed.

    <script language='JavaScript'>

    How do I stop the JS from running and instead allow it to show as text? The profile field they fill out should not have JS at all, but it only just came to light that this problem exists!

    Any help on this would be much appreciated.

  • #2
    Supreme Master coder! abduraooft
    Join Date
    Mar 2007
    Thanked 2,224 Times in 2,211 Posts
    Always pass all the values entered by users through the function htmlentities() before echoing them on your site. Or use strip_tags() to remove all HTML tags from them.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)
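
The output-escaping the reply recommends, as an added example (not code from either poster). It assumes a profile field stored unchanged in the database and rendered both into the page body and back into an edit form; the sample value is constructed here:

```php
<?php
// Added example, not the original poster's code. Assumes the profile text is
// stored raw in the DB and escaped at the point where it is echoed into HTML.

// Escape for HTML body and attribute contexts. ENT_QUOTES covers both ' and ",
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function escapeHtml(string $text): string
{
    return htmlentities($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample value of the kind the original post found in a profile.
$about = "<script language='JavaScript'>alert('x')</script> likes PHP";

// Vulnerable (what the original code did): the raw value is echoed into the
// page, so the browser parses the <script> element and runs it.
// echo "<p>" . $about . "</p>";

// Hardened: '<', '>', '"', "'" and '&' become entities, so the browser shows
// the markup as literal text instead of interpreting it.
echo "<p>" . escapeHtml($about) . "</p>\n";

// The same escaping is needed when the value is put back into the edit form;
// without ENT_QUOTES a quote in the data could close the value attribute.
echo '<input type="text" name="about" value="' . escapeHtml($about) . '">' . "\n";

// Alternative from the reply: strip_tags() removes the tags but keeps the text
// between them and does nothing about quotes, so still escape on output.
$stripped = strip_tags($about);
echo "<p>" . escapeHtml($stripped) . "</p>\n";
```

Escaping on output rather than at storage time keeps the stored text intact and lets the same value be rendered safely in more than one context.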
