There is a security threat that people use scripting tags into the input fields in order to hack/malfunction the application, you may use the steps described below in order to restrict the user not to enter these kind of tags:
Add a text box in your asp.net page/control
<asp:TextBox ID="txtComments" runat="server"></asp:TextBox>
Then add an attribute for OnClick and OnKeyPress events
txtComments.Attributes.Add("OnClick", "return RestrictHTMLTags();");
Now you've to define the function RestrictHTMLTags in order to restrict the HTML tags
function RestrictHTMLTags()
{
txt_box=document.getElementsByTagName('INPUT');
for (txt_0=0; txt_0 < txt_box.length; txt_0++)
{
if (txt_box[txt_0].type=='text')
{
var str1=parseInt(txt_box[txt_0].value.indexOf('<'))
var str2=parseInt(txt_box[txt_0].value.indexOf('>'))
if (str1 >= 0 || str2 >= 0 )
{
alert("HTML or JavaScript tags are not allowed")
txt_box[txt_0].value='';
txt_box[txt_0].focus();
return false;
}
}
}
return true;
}
That's how you restrict the user not to enter the restricted tags. Waiting for your comments on this article
No comments:
Post a Comment