  1. #1
    New to the CF scene
    Join Date
    Feb 2009
    Posts
    4
    Thanks
    1
    Thanked 0 Times in 0 Posts

    would this be javascript?

    I'm wondering if it's possible to code a form that won't allow (or won't send) HTML in the text boxes. I only know how to loosely do it in PHP, which our hosting company won't 'give' us. I am trying to stop spam from coming through the web form I manage.

  • #2
    Regular Coder ohgod's Avatar
    Join Date
    Jun 2008
    Location
    Ohio
    Posts
    579
    Thanks
    6
    Thanked 69 Times in 69 Posts
    Code:
    replace(/\<.+?\>/g, '');
    ^^^ feed that a string, it'll strip html out

  • Users who have thanked ohgod for this post:

    ortal (02-11-2009)

  • #3
    New to the CF scene
    Join Date
    Feb 2009
    Posts
    4
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Where would I put it? I'm sorry, I'm not familiar with the lingo.

  • #4
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,016
    Thanks
    203
    Thanked 2,538 Times in 2,516 Posts
    Something like this:


    Code:
    <textarea id="txt1" rows="10" cols="50" onblur="stripHTML()"></textarea>

    <script type="text/javascript">

    function stripHTML() {
        var x = document.getElementById("txt1").value;
        // Delete each tag, brackets included. [^>]* stops at the first >, so text
        // between two tags is kept and tags that span a line break are matched.
        var y = x.replace(/<[^>]*>/g, '');
        y = y.replace(/[<>]/g, '');  // strip just a single < or >

        // OR use just the below line to simply strip the <> leaving whatever was between them:-
        //var y = x.replace(/[<>]/g,'');

        document.getElementById("txt1").value = y;

        // optional alert
        if (x != y) {
            alert("HTML tags have been stripped!");
        }
    }

    </script>

    Remember that JavaScript form validation only provides convenience for users, not security. This means that JavaScript should be used as an "enhancement", not as a requirement. So your form should not be dependent on JavaScript alone to perform your validation. Instead, whatever server-side language you use to process the form (PERL, ASP, PHP, etc.) should also perform the same validation. Otherwise, people will be able to bypass your validation (and even possibly inject malicious code) simply by disabling JavaScript. I rather think that the spammers also know this.

    You say "I only know how to loosely do it in PHP which our hosting company won't 'give' us." Solution - get another host. Otherwise your site is very vulnerable. As always, you get what you pay for and pay for what you get.


    “Get your facts first, and then you can distort them as much as you please: facts are stubborn, but statistics are more pliable”. - Mark Twain
    Last edited by Philip M; 02-12-2009 at 08:50 AM. Reason: Typo
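
A server-side counterpart to the validation discussed in this thread, as an added example that is not part of any post. It assumes the form is processed by server-side JavaScript (Node.js); the function names, the 2000-character limit and the sample submissions are constructed for illustration.

```javascript
// Added example: repeat the tag stripping on the server, where the visitor
// cannot switch it off, and escape the text again when it is displayed.

// Remove complete tags (including ones that span lines), then stray < or >.
function stripTags(text) {
  return text.replace(/<[^>]*>/g, '').replace(/[<>]/g, '');
}

// Encode characters that are significant in HTML, so stored text is shown as
// text even if something got past the stripping step.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Check one submitted field. maxLength is an assumed limit, adjust as needed.
// hadMarkup is true when the value still contained tags on arrival, which
// means the browser-side stripHTML() did not run for this submission.
function checkField(raw, maxLength = 2000) {
  if (typeof raw !== 'string' || raw.length > maxLength) {
    return { ok: false, value: '', hadMarkup: false };
  }
  const trimmed = raw.trim();
  const cleaned = stripTags(trimmed).trim();
  return { ok: cleaned !== '', value: cleaned, hadMarkup: cleaned !== trimmed };
}

// Constructed sample submissions (not real traffic).
const samples = [
  'Hello, I have a question about your opening hours.',
  '<a href="http://example.invalid/">cheap pills</a>',
  '<b\n>multi-line tag</b>',
];

for (const raw of samples) {
  const result = checkField(raw);
  // A site could discard or hold for review anything with hadMarkup === true.
  console.log(result.hadMarkup ? 'FLAGGED' : 'OK     ', escapeHtml(result.value));
}
```

The regular expression is a filter for obvious markup, not an HTML parser; the escaping applied at display time is what keeps stored text from being rendered as markup.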

