stackoom
  简体   繁体   中英

Disable html/javascripts commands in text fields

 原文  2013-08-09 20:30:28       javascript/ html/ text/ field

Question

How do I prevent input in texts fields from containing HTML and JavaScript code?

Example: I have an input text field. If the user enters javascript instructions, then they get executed.

How can I modify 

<script>alert('aces')</script>

so that it will show up as normal text in my field and not as a alert when i try to list it?

1 answers

solution1
 0  2013-08-09 20:46:28

Have you looked into libraries like underscore.js (used by Backbone.js)?

It comes with escape functions that prevents user entered javascript to run. http://underscorejs.org/#escape and http://underscorejs.org/#unescape

so you would write:

alert(_.escape(USERINPUT));

this becomes even more important when you add user input to your DOM, for security reasons you need to escape inputs (or allow only a selection of harmless tags like < strong >).

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Javascripts to remove text from HTML XAMPP HTDOCS, html elements getting commands from wrong (non present ) javascripts scripts in root folder Disable fields of a select in html with JS Disable text selection on input fields HTML multiple forms with 2 javascripts How to combing HTML and JavaScripts in one How to disable fields in html using javascript javascript - disable popup preview on html input fields Problem disable fields of a select in html with JS Disable pasting text into HTML form
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM