-
How to suppress JavaScript
I am validating a textarea form field, the results of which will
be subsequently returned to the browser. This presents serious
security problems since a user can submit javascript into a form
that will be executed when it is sent back to the browser.
What's the best way to prevent execution of JavaScript code submitted
through a form when the text is returned to the browser for confirmation?
For example, I need to suppress the following JavaScript:
<a href="someurl.asp" onMouseOver="alert('hello world')">here it
is</a>
I'd like the browser to display the JavaScript code as opposed to executing
it.
Phil
-
Re: How to suppress JavaScript
Try Server.HTMLEncode on the data before you display the contents.
-- Dev
"Phil" <pagee@well.com> wrote in message news:38d7beee$1@news.devx.com...
:
: I am validating a textarea form field, the results of which will
: be subsequently returned to the browser. This presents serious
: security problems since a user can submit javascript into a form
: that will be executed when it is sent back to the browser.
:
: What's the best way to prevent execution of JavaScript code submitted
: through a form when the text is returned to the browser for confirmation?
:
: For example, I need to suppress the following JavaScript:
:
: <a href="someurl.asp" onMouseOver="alert('hello world')">here it
: is</a>
:
: I'd like the browser to display the JavaScript code as opposed to executing
: it.
:
: Phil
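
Added example, not part of the original thread: a JavaScript sketch of the kind of transformation HTML encoding applies to the markup from the question, so the browser displays it as text instead of parsing it. The names `encodeHtml` and `renderConfirmation` are hypothetical, and the set of five encoded characters (including the single quote) is an assumption of this sketch, not a statement of exactly what `Server.HTMLEncode` emits.

```javascript
// Added illustration: HTML-encode untrusted form text before echoing it back.
// encodeHtml and renderConfirmation are hypothetical names, not an ASP API.

const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Replace every character that can open a tag, start an entity, or close a
// quoted attribute value. One pass over the input, so "&" is encoded exactly
// once and already-encoded text is shown literally rather than decoded.
function encodeHtml(value) {
  const text = value == null ? "" : String(value);
  return text.replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Build the confirmation fragment: the submitted text appears once as
// element content and once inside a double-quoted attribute value.
function renderConfirmation(submitted) {
  const safe = encodeHtml(submitted);
  return (
    "<p>You entered:</p>\n" +
    "<pre>" + safe + "</pre>\n" +
    '<input type="hidden" name="comments" value="' + safe + '">'
  );
}

// The markup from the question, used as constructed sample input.
const SAMPLE =
  '<a href="someurl.asp" onMouseOver="alert(\'hello world\')">here it is</a>';

console.log(renderConfirmation(SAMPLE));
```

This covers text placed in element content or in a quoted attribute value, which is where a confirmation page echoes a textarea. Text written into a script block or a URL needs encoding for that context instead.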