开发者

Script disable in text boxes

How can I prevent a script from executing in text boxes, by using jQuery?

Here is my complete problem:

I want to send a message to someone using jQuery; if I entered a script tags like a, href, scri开发者_如何学运维pt, etc. they are not appearing in the other's message. How can I prevent this?


The question you should be asking is:

How can I render text containing HTML as text instead of HTML?

As your examples are all about HTML, not script.

Since you are using jQuery, add it to the document using $element.text(text) and not $element.html(text).


You need to Encode the text written by the users.

Most common way is doing it server side, for example using ASP you'll need to:

strData = Server.HTMLEncode(strData);

And then if the data contains <b>hello</b> the users will see it literally.

To do it client side: HTML-encoding lost when attribute read from input field

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜