...

View Full Version : <script> enquiry



kambateh
12-27-2003, 08:45 AM
I have a textarea which allow user to type in their text and at the same time convert all "<" to "(" so that <script> is not possible.

My question is how secured is this method ? any better solution to it?

thnks,

nolachrymose
12-27-2003, 02:53 PM
This might be more secure (I don't know what method you are using).


var re = /\<script(.+|\n)\>/gi;
var n = document.getElementById('myTextarea');
n.value = n.value.replace(re, '(script $1)');

After validating on the client-side, you should revalidate it on the server-side just to be sure.

Hope that helps!

Happy coding! :)



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum