Disable html/javascripts commands in text fields -


how prevent input in texts fields containing html , javascript code?

example: have input text field. if user enters javascript instructions, executed.

how can modify

<script>alert('aces')</script>  

so show normal text in field , not alert when try list it?

have looked libraries underscore.js (used backbone.js)?

it comes escape functions prevents user entered javascript run. http://underscorejs.org/#escape , http://underscorejs.org/#unescape

so write:

alert(_.escape(userinput));

this becomes more important when add user input dom, security reasons need escape inputs (or allow selection of harmless tags < strong >).


Comments

Popular posts from this blog

css - Which browser returns the correct result for getBoundingClientRect of an SVG element? -

gcc - Calling fftR4() in c from assembly -

.htaccess - Matching full URL in RewriteCond -