View Full Version : <script> enquiry
12-27-2003, 09:45 AM
I have a textarea which allow user to type in their text and at the same time convert all "<" to "(" so that <script> is not possible.
My question is how secured is this method ? any better solution to it?
12-27-2003, 03:53 PM
This might be more secure (I don't know what method you are using).
var re = /\<script(.+|\n)\>/gi;
var n = document.getElementById('myTextarea');
n.value = n.value.replace(re, '(script $1)');
After validating on the client-side, you should revalidate it on the server-side just to be sure.
Hope that helps!
Happy coding! :)
Powered by vBulletin® Version 4.2.2 Copyright © 2017 vBulletin Solutions, Inc. All rights reserved.