View Full Version : would this be javascript?

02-11-2009, 09:53 PM
Im wondering if its possible to code a form that wont allow (or wont send) html in the text boxes. I only know how to loosely do it in PHP which our hosting company won't 'give' us. I am trying to stop spam from coming through the web form i manage.

02-11-2009, 09:58 PM
replace(/\<.+?\>/g, '');

^^^ feed that a string, it'll strip html out

02-11-2009, 10:14 PM
where would I put it, Im sorry im not familiar with the lingo.

Philip M
02-12-2009, 09:15 AM
Something like this:

<textarea id = "txt1" rows = "10" cols = "50" onblur = "stripHTML()"></textarea>

<script type = "text/javascript">

function stripHTML() {
var x = document.getElementById("txt1").value;
var y = x.replace(/\<.*\>/g, ''); // to delete anything within and including <> HTML tags
y = y.replace(/[<>]/g,''); // strip just a single < or >

// OR use just the below line to simply strip the <> leaving whatever was between them:-
//var y = x.replace(/[<>]/g,'');

document.getElementById("txt1").value = y;

// optional alert
if (x!=y) {
alert ("HTML tags have been stripped!")



Remember that JavaScript form validation only provides convenience for users, not security. This means that JavaScript should be used as an "enhancement", not as a requirement. So your form should not be dependent on JavaScript alone to perform your validation. Instead, whatever server-side language you use to process the form (PERL, ASP, PHP, etc.) should also perform the same validation. Otherwise, people will be able to bypass your validation (and even possibly inject malicious code) simply by disabling JavaScript. I rather think that the spammers also know this.

You say "I only know how to loosely do it in PHP which our hosting company won't 'give' us." Solution - get another host. Otherwise your site is very vulnerable. As always, you get what you pay for and pay for what you get.

“Get your facts first, and then you can distort them as much as you please: facts are stubborn, but statistics are more pliable”. - Mark Twain