restrict user from entering direct script into textfield
Question
How can I restrict user from directly pasting html or javascript or xml text directly into textfield or textarea.
Ex. if I have webpage with textfield, and I want to validate that textfield before fetch that data to server, for raw html or xml or javascript etc .
I want to restrict this type of input from user end.
3 answers
solution1
1 2016-04-22 13:34:56
Short answer: you cannot!
While it is possible to do some JavaScript filtering before sending the data to your server, you cannot rely on users not being able to circumvent such checks. Never trust user data, always arrange for (additional) server-side checking! Modern web-application technologies ( jsf and the like) will prevent HTML and script inputs to become active on output pages. Same for object-relational database mappings or prepared statements, which help avoid SQL injections. In my experience, it is helpful to consider users as either dumb or evil to end up with applications both ergonomic and secure.
solution2
0 2016-04-22 13:34:15
You can use Class StringEscapeUtils . It helps to escape and unescape Strings for Java, Java Script, HTML and XML.
solution3
0 2016-04-22 14:02:23
Restricting the user form entering characters other than text could be an approach you can start with, however restricting any kind of input will be a long shot.
To sanitize on client side for only text you can use string in your textbox to match against a regular expression.
ex:-
var sanitize = function(event){
match = event.target.value.match(/^[a-zA-Z ]*$/gi);
if(!match){
alert("special char entered");
}
}
Attach something like this to your textfields onChange event. PS:- the above example is very rudimentary and for demo purpose only.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.