发送前从输入中删除 HTML 标签
[英]Remove HTML tags from input before sending
问题描述
I have some chat script and I'm trying to filter the input field before clicking send or submit.
我有一些聊天脚本,我正在尝试在单击发送或提交之前过滤输入字段。 This is my input filed:这是我的输入文件:
<input required type="text" name="content" maxlength="300" id="content" placeholder="Write Your Message.." autocomplete="off">
submit提交
<button type="submit" class="sound-btn" id="submit_button">
<i class="fa fa-paper-plane"></i>
</button>
when im trying to send some tags like当我试图发送一些标签时
<img src="avatar/user1_13128662_tumb.jpg">
<div id="test">
demo text
</div>
unfortunately is working不幸的是正在工作
what i need to do.. remove all attr tags from input or prevent to write html tags inside input because all of this data saved in database and very dangerous and allow xss injected too something like this我需要做什么..从输入中删除所有attr标签或阻止在输入中写入html标签,因为所有这些数据都保存在数据库中并且非常危险并且允许注入xss也像这样
<b>
<div>
</div>
<img
<a
<li
<ul
and all the HTML tags just keep links and numbers and normal text
I think all HTML tags what I need to keep http and https and mailto: and the normal text and numbers just filter unwanted characters before to send by javascript or jquery..thanks I think all HTML tags what I need to keep http and https and mailto: and the normal text and numbers just filter unwanted characters before to send by javascript or jquery..thanks
2 个解决方案
解决方案1
0 2019-10-30 01:09:03
Use regex before sending it to Database,identify the tags by "<".在将其发送到数据库之前使用正则表达式,通过“<”标识标签。
解决方案2
0 2021-12-03 08:41:12
You could apply a simple regex to the onchange Event of your input:您可以对输入的 onchange 事件应用一个简单的正则表达式:
document.getElementById('content').addEventListener('change', (e)=> {
let tValue = e.target.value.replace(/<[^>]+>/gim, '');
e.target.value = tValue;
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.