filter any websites URLs and special html characters but allow to enter email address and user comments through textbox. textbox is use to gather user feedback. could you please help me with this ?
If so , you could use build-in js function to help you encode the html text.
Below is my code. Please pay attention that the code can't remove website like
helloworld.com because it may be part of mail address
gmail@helloworld.com.
If you only want to prevent xss , you could leave the website and remove code= code.replace(/(http\:\/\/|https\:\/\/)([a-z0-9][a-z0-9\-]*\.)+[a-z0-9][a-z0-9\-]*/g,'')
<form id="form1" runat="server">
<asp:TextBox ID="TextBox1" runat="server" TextMode="MultiLine" Width="200px" Height="200px" Text="<a href='www.helloword.com'></a><script>alert('hello') <script> some@gmail.com http://localhost.com" >
</asp:TextBox>
</form>
<script src="../Scripts/jquery-3.3.1.js"></script>
<script>
function htmlEncode (html){
var temp = document.createElement ("div");
//handling browser compatibility
(temp.textContent != undefined ) ? (temp.textContent = html) : (temp.innerText = html);
// use innerHTML to get encoded html content
var output = temp.innerHTML;
temp = null;
return output;
}
$("#TextBox1").blur(
function () {
var code = htmlEncode($(this).val()); // use regex to remove all the website
code= code.replace(/(http\:\/\/|https\:\/\/)([a-z0-9][a-z0-9\-]*\.)+[a-z0-9][a-z0-9\-]*/g,'')
$(this).val(code);
}
)
</script>
And the content of the textbox after the textbox is blur.
None
0 Points
1 Post
filter html special characters and WEB URL's but allow to enter email address and feedback in to...
Oct 09, 2018 03:59 AM|Malaka92|LINK
filter any websites URLs and special html characters but allow to enter email address and user comments through textbox. textbox is use to gather user feedback. could you please help me with this ?
Participant
1610 Points
617 Posts
Re: filter html special characters and WEB URL's but allow to enter email address and feedback in...
Oct 10, 2018 03:25 AM|Ackerly Xu|LINK
Hi Malaka92,
It seems that you want to prevent xss attack.
If so , you could use build-in js function to help you encode the html text.
Below is my code. Please pay attention that the code can't remove website like helloworld.com because it may be part of mail address gmail@helloworld.com.
If you only want to prevent xss , you could leave the website and remove code= code.replace(/(http\:\/\/|https\:\/\/)([a-z0-9][a-z0-9\-]*\.)+[a-z0-9][a-z0-9\-]*/g,'')
<form id="form1" runat="server"> <asp:TextBox ID="TextBox1" runat="server" TextMode="MultiLine" Width="200px" Height="200px" Text="<a href='www.helloword.com'></a><script>alert('hello') <script> some@gmail.com http://localhost.com" > </asp:TextBox> </form> <script src="../Scripts/jquery-3.3.1.js"></script> <script> function htmlEncode (html){ var temp = document.createElement ("div"); //handling browser compatibility (temp.textContent != undefined ) ? (temp.textContent = html) : (temp.innerText = html); // use innerHTML to get encoded html content var output = temp.innerHTML; temp = null; return output; } $("#TextBox1").blur( function () { var code = htmlEncode($(this).val());// use regex to remove all the website code= code.replace(/(http\:\/\/|https\:\/\/)([a-z0-9][a-z0-9\-]*\.)+[a-z0-9][a-z0-9\-]*/g,'') $(this).val(code); } ) </script>
And the content of the textbox after the textbox is blur.
<a href='www.helloword.com'></a><script>alert('hello') <script> some@gmail.comBest regards,
Ackerly Xu
Please remember to "Mark as Answer" the responses that resolved your issue.