CODEWITHSUNDEEP
javascriptjquery
Geekling
Geekling

Reputation: 23

Can someone inject malicious code into this?

I'm considering the use of a, 'What's on your mind?' comment box in one of my pages.

     var statusBox = function() 
     {
     $(".btn").click(function() {

     var post = $(".whatsUp").val();
     $('<li>').text(post).prependTo(".entry");
     $('.whatsUp').val('');
     $('.charRemainder').text('130');
   });
   $('.whatsUp').keyup(function() {
     var postLength = $(this).val().length;
     var charactersRemaining = 130 - postLength;
     $('.charRemainder').text(charactersRemaining);
  });
 };
 $(document).ready(statusBox);

Question: Could someone inject malicious code by way of this utility? No database involved. Thanks in advance!

Upvotes: 1

Views: 120

Answers (2)

M.S.
M.S.

Reputation: 1091

To add to the existing answer, there is no injection possible that could cause any harm to a back-end server, as this is purely a front-end functionality.

That being said, client-side JavaScript is inherently unsafe in the sense that a user can edit a web page's JavaScript code through their browser. Nothing can really be done about that when it comes to front-end functionality.

However, when passing data to a server, it is extremely important to remember to not do your error trapping and input validation in JavaScript alone, since a user can easily remove this logic. All such validation should be done on the back-end.

Upvotes: 1

Comptonburger
Comptonburger

Reputation: 594

No. If this is not saved on the server in any form then you are not vulnerable to SQL injection or XSS (cross site scripting).

I can't imagine the use of a comment box that doesn't save somewhere, though.

Upvotes: 2

Related Questions