Jerry Jones
Reputation: 796
Sanitize codes injection using jQuery
I am using a comment box and insert the value to mysql using ajax. Same time I append the entered comment with jQuery to the same page. The problem is if the entered text is some JavaScript code, like
<script>alert('hello');</script>
it shows the alert. In my database I sanitize these code but since I append it in client side I need to display the entered text like it is.
Well I use,
<div contenteditable="true"></div>
Any immediate help, please?
Upvotes: 2
Views: 404
Answers (2)
Jerry Jones
Reputation: 796
I used this method!
str.replace(/</g, "<");
str.replace(/>/g, ">");
Upvotes: 0
Maksym Kozlenko
Reputation: 10363
The following snippet HTML encodes string to:
"<div>Here is an HTML</div"
$("p").text("<div>Here is an HTML</div").html()
Upvotes: 1
Related Questions
- How would I sanitize this string? (preferably in JQuery)?
- sanitize user input on client side using javascript
- jQuery safe injection of html
- protect ajax & jquery injection
- avoid javascript injection while maintaining HTML?
- Javascript/Jquery Prevent injections from executing code
- Sanitization with Javascript and jQuery: Escaping quotes and double quotes automatically?
- Filtering out Javascript injection
- Sanitize jquery string?
- Sanitize input for code blog