
Thursday, September 4, 2008

How to restrict HTML/JavaScript tags using JavaScript and ASP.NET

Users can type scripting tags into input fields in order to hack the application or make it malfunction. The steps below stop the user from entering these kinds of tags:

Add a text box to your ASP.NET page/control:

<asp:TextBox ID="txtComments" runat="server"></asp:TextBox>

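Then add an attribute for the OnClick and OnKeyPress events:

// Run the check when the box is clicked and on each key press
txtComments.Attributes.Add("OnClick", "return RestrictHTMLTags();");
txtComments.Attributes.Add("OnKeyPress", "return RestrictHTMLTags();");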

Now define the function RestrictHTMLTags, which rejects the HTML tags:

function RestrictHTMLTags()
{
    // Check every single-line text input on the page
    var txt_box = document.getElementsByTagName('INPUT');
    for (var txt_0 = 0; txt_0 < txt_box.length; txt_0++)
    {
        if (txt_box[txt_0].type == 'text')
        {
            // indexOf returns -1 when the character is absent
            var str1 = txt_box[txt_0].value.indexOf('<');
            var str2 = txt_box[txt_0].value.indexOf('>');
            if (str1 >= 0 || str2 >= 0)
            {
                alert("HTML or JavaScript tags are not allowed");
                // Clear the field and put the cursor back in it
                txt_box[txt_0].value = '';
                txt_box[txt_0].focus();
                return false;
            }
        }
    }
    return true;
}

That's how you stop the user from entering the restricted tags. Waiting for your comments on this article.
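The check above runs only in the browser, so it helps users but does not protect the server, which still has to encode whatever it later writes into a page. The following added example (not the original author's code) restates the check as a testable function that also covers textareas and pairs it with an HTML output encoder; the field objects and the names encodeHtml, hasAngleBrackets and findRejectedFields are assumptions made for the illustration.

```javascript
// Added example, not the original author's code. The field objects below are
// constructed stand-ins for DOM elements so the logic runs without a browser.

// Characters that are significant in HTML text and attribute contexts.
var HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for output into HTML. This is the control that keeps
// stored input from being interpreted as markup when it is displayed.
function encodeHtml(value) {
  return String(value == null ? '' : value).replace(/[&<>"']/g, function (ch) {
    return HTML_ESCAPES[ch];
  });
}

// Same test as RestrictHTMLTags, but as a pure function on one string.
function hasAngleBrackets(value) {
  return /[<>]/.test(String(value == null ? '' : value));
}

// Check a list of fields and report the offending ones instead of clearing
// them, so the user can correct the text. Covers textareas as well as
// single-line text inputs; other input types are skipped.
function findRejectedFields(fields) {
  var rejected = [];
  for (var i = 0; i < fields.length; i++) {
    var f = fields[i];
    var isTextual = f.tagName === 'TEXTAREA' ||
                    (f.tagName === 'INPUT' && f.type === 'text');
    if (isTextual && hasAngleBrackets(f.value)) {
      rejected.push(f.id);
    }
  }
  return rejected;
}

// Constructed sample form state.
var sampleFields = [
  { id: 'txtComments', tagName: 'INPUT', type: 'text', value: 'nice <b>post</b>' },
  { id: 'txtName', tagName: 'INPUT', type: 'text', value: 'Tom & "Jerry"' },
  { id: 'txtNotes', tagName: 'TEXTAREA', type: 'textarea', value: 'a > b' },
  { id: 'chkAgree', tagName: 'INPUT', type: 'checkbox', value: '<on>' }
];

console.log(findRejectedFields(sampleFields));
console.log(encodeHtml(sampleFields[1].value));
```

In ASP.NET code-behind the equivalent encoding call is HttpUtility.HtmlEncode, applied when the stored comment is written to the page.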

Wednesday, September 3, 2008

How to format currency value entered in a text box using JavaScript and ASP.NET

You may want to display a value entered by the user in a proper currency format, e.g. the user enters 10000 and you want to format it as 10,000. To do so, follow these steps:

First add a text box to your ASP.NET page/control:

<asp:TextBox ID="txtTotal_Amount" runat="server"></asp:TextBox>

Then add an attribute for OnKeyUp and OnKeyPress events

txtTotal_Amount.Attributes.Add("OnKeyUp", "OnCurrencyValueKeyUp(this);");
txtTotal_Amount.Attributes.Add("OnKeyPress", "OnCurrencyValueKeyUp(this);");

Now define the function OnCurrencyValueKeyUp, which handles the formatting:

function OnCurrencyValueKeyUp(input)
{
    // A lone leading zero is dropped
    if (input.value.toString().length == 1 && input.value.toString() == '0')
        input.value = input.value.replace('0', '');

    // Remove existing thousands separators before re-formatting
    var num = input.value.replace(/\,/g, '');
    if ((!isNaN(num) || num == '-') && num != '-0')
    {
        if (num.indexOf('.') > -1)
        {
            num = num.split('.');
            // Reverse the digits, put a comma after every third one, reverse back
            num[0] = num[0].toString().split('').reverse().join('').replace(/(?=\d*\.?)(\d{3})/g, '$1,').split('').reverse().join('').replace(/^[\,]/, '');
            if (num[1].length > 2)
            {
                num[1] = num[1].substring(0, num[1].length - 1);
            }
            input.value = num[0] + '.' + num[1];
        }
        else
        {
            input.value = num.toString().split('').reverse().join('').replace(/(?=\d*\.?)(\d{3})/g, '$1,').split('').reverse().join('').replace(/^[\,]/, '');
        }
    }
    else
    {
        // Not a number: discard the character that was just typed
        input.value = input.value.substring(0, input.value.length - 1);
    }
    // Strip '$' and spaces, then the first decimal point, then a comma left after a minus sign
    input.value = input.value.toString().replace(/\$|\ /g, '');
    input.value = input.value.toString().replace('.', '');
    input.value = input.value.toString().replace('-,', '-');
}

That's it, just run your application and try it. Waiting for your comments on this article.