Script disable in text boxes
How can I prevent a script from executing in text boxes, by using jQuery?
Here is my complete problem:
I want to send a message to someone using jQuery; if I entered a script tags like a
, href
, scri开发者_如何学运维pt
, etc. they are not appearing in the other's message. How can I prevent this?
The question you should be asking is:
How can I render text containing HTML as text instead of HTML?
As your examples are all about HTML, not script.
Since you are using jQuery, add it to the document using $element.text(text)
and not $element.html(text)
.
You need to Encode
the text written by the users.
Most common way is doing it server side, for example using ASP you'll need to:
strData = Server.HTMLEncode(strData);
And then if the data contains <b>hello</b>
the users will see it literally.
To do it client side: HTML-encoding lost when attribute read from input field
精彩评论