12-27-2003, 09:45 AM
I have a textarea which allows users to type in their text and at the same time converts all "<" to "(" so that <script> is not possible.

My question is: how secure is this method? Is there any better solution to it?


12-27-2003, 03:53 PM
This might be more secure (I don't know what method you are using).

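// Match an opening script tag, with or without attributes, in any letter case.
var re = /<script([^>]*)>/gi;
var n = document.getElementById('myTextarea');
// Rewrite the tag so it is no longer parsed as markup; $1 keeps any attributes.
n.value = n.value.replace(re, '(script $1)');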

After validating on the client-side, you should revalidate it on the server-side just to be sure.
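
An added example, not part of either post: on the server side, the usual alternative to rewriting input is to keep the text as typed and entity-encode it when it is written into HTML. The helper names `escapeHtml` and `replaceAngle` and the sample string are constructed for illustration.

```javascript
// Added example: encode on output instead of rewriting input.
// escapeHtml and replaceAngle are hypothetical helper names.

const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode every character that can change the HTML parsing context
// (element content or a quoted attribute value). "&" is handled in the
// same pass, so already-encoded text is encoded again, never trusted.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// The approach from the first post: swap "<" for "(".
// It alters what the user typed and leaves >, quotes and & untouched.
function replaceAngle(text) {
  return String(text).replace(/</g, '(');
}

// Constructed, benign sample containing all five special characters.
const sample = `Tom & Jerry said "1 < 2" isn't <b>bold</b>`;

function demo() {
  return {
    replaced: replaceAngle(sample),
    escaped: escapeHtml(sample),
  };
}

console.log(demo());
```

The encoded string renders in the browser exactly as the user typed it, while the replaced string has lost its "<" characters and still carries raw quotes.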

