Alex Pavlov

Reputation: 598

The way to check for JavaScript injections

Is it enough, to avoid JavaScript injection, to validate input data in this way:

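// Rejects any value whose HTML-escaped form differs from the raw text.
var xssValidate = function(value) {
    // .text() stores the value as a text node; .html() returns it escaped.
    var container = $("<u></u>").text(value);
    // mc is defined elsewhere in the asker's code.
    if (container.html() !== value) return mc.ERROR_INVALID_FORMAT;
};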

I've managed to validate all the text field and textarea values with the code above before submitting them to the server.

Upvotes: 1

Views: 889

Answers (1)

Greg

Reputation: 321698

I think that's going to be very annoying for your users... what if I want to type "this & that" or "11 > 7"?

What you should be doing really is escaping it when you output it.

Additionally, I hope you're validating on the server as well as the client side.

Upvotes: 6
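
The answer's point, as an added example that is not part of the original question or answer: the input check rejects ordinary text such as "this & that", while encoding at output time accepts it and still renders it inertly. All function names are hypothetical, `serializeTextNode` is a jQuery-free stand-in for the `.text()`/`.html()` round trip, and the sample inputs are constructed.

```javascript
// Added example: names below are hypothetical, not from the original post.

// Stand-in for the question's check. Serialising a text node escapes
// &, < and > (and U+00A0), so $("<u>").text(v).html() !== v is true for
// any value that contains one of those characters.
function serializeTextNode(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/\u00a0/g, "&nbsp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

function rejectedByInputCheck(value) {
  return serializeTextNode(value) !== value;
}

// Output encoding for HTML text and quoted attribute values.
// Quotes are included because attribute context needs them escaped.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

function escapeHtml(value) {
  // Single pass, so an already-inserted entity is never escaped twice.
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The stored value stays exactly as typed; it is encoded only when rendered.
function renderComment(author, body) {
  return '<p title="' + escapeHtml(author) + '">' + escapeHtml(body) + "</p>";
}

// Constructed sample inputs.
const samples = ["this & that", "11 > 7", "<b>bold</b>", 'She said "hi"'];

function report() {
  return samples.map((s) => ({
    input: s,
    rejectedByInputCheck: rejectedByInputCheck(s),
    rendered: renderComment("user", s),
  }));
}

console.table(report());
```

The same encoding has to run on the server wherever stored values are written into HTML, since a client-side check can be bypassed by submitting the request directly.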
