Reputation: 730
How can i block script injection in textbox or textarea using jquery or javascript?
I am having a form that contains textbox and textarea. I want to validate it to stop injection of script using textbox or textarea. I need to do it using jquery or javascript.
Is there any RegEx available for that or any other way to detect and stop script.
Upvotes: 1
Views: 2663
Answers (2)
Reputation: 51668
If you're just saving it in a database, you don't need to do anything. If you're printing out the value in an HTML page, HTML-encode it first. No validation necessary.
Upvotes: 1
Reputation: 382881
Take a look at ReForm by OWASP::
Reform is a tool that does exactly this. Reform allows you to escape your data for a javascript, xml, html or vbscript (yes it still exists) context. It provides libraries for Java, .NET, PHP, Perl, Python, Javascript and ASP.
Secondly, you MUST validate on server-side level as well. JavaScript can easily be disabled in the browser.
Upvotes: 0
Related Questions
- How to make Enter character forbidden in textarea
- Prevent user hitting Enter except Textarea
- how do I make it impossible to type into my textarea tag?
- Javascript injection attack prevention for textboxes
- Trying to prevent input into textarea
- js - jquery : prevent input from code injection
- Disable Javascript execution in textarea
- Using JQuery, how can I prevent users from entering script or html into input fields?
- Disallowing keystrokes in the textarea with jQuery
- How to stop a webpage from executing javascript that resides inside a textarea or as value to input (type text)?