Approach XSS prevention on Html page using javascript
How to escape textbox contents of form using javascript(not jsp page) to avoid xss.It must b开发者_运维技巧e redered properly on page while submitting form.
Insert the text into the document using document.appendChild
, document.createTextNode
and friends instead of a property (such as innerHTML
) that accepts raw HTML.
"Insert the text into the document using document.appendChild, document.createTextNode and friends instead of a property (such as innerHTML) that accepts raw HTML."
as Quentin says, or, using an existing textbox, use the value
property:
textObject.value="value"
精彩评论