george wrote on 17 dec 2007 in comp.lang.javascript:
which is the best way to strip jscript/vbscript from user input? Is
there any module I could reuse?
P.S. the solution must allow users to enter html code.
There is no "best way" in programming.
It depends on your preferences.
Why would you strip script from an input?
Just make sure that it is never used in a html page.
Well, if you insist, use:
t = t.replace(/</g,'&lt;')
This is not stripping, but it won't be executed.
Why shouldn't you strip input values of script?
Because:
Someone's signature could be <script?
someone could input:
"if 7<a and href>7 then response.write c\"
You want to strip that?
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
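
The reply's argument as an added example (not part of the original post): a naive tag-stripping regex mangles the post's own sample line, while escaping on output keeps the text intact and inert. The helper names `escapeHtml`, `unescapeHtml`, `naiveStrip` and `compare` are hypothetical, and the third sample input is constructed.

```javascript
// Added example: escape-on-output versus a naive tag-stripping regex.
// All function names here are hypothetical helpers, not from the post.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const UNESCAPES = Object.fromEntries(Object.entries(ESCAPES).map(([k, v]) => [v, k]));

function escapeHtml(text) {
  // Single pass over the input, so a literal '&' becomes '&amp;' exactly once.
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

function unescapeHtml(text) {
  // Inverse of escapeHtml, used only to show that no information was lost.
  return String(text).replace(/&(?:amp|lt|gt|quot|#39);/g, (ent) => UNESCAPES[ent]);
}

function naiveStrip(text) {
  // The "remove anything that looks like a tag" filter the reply argues against.
  return String(text).replace(/<[^>]*>/g, '');
}

// The first two samples are the lines quoted in the post; the third is constructed.
const samples = [
  'if 7<a and href>7 then response.write c\\',
  "Someone's signature could be <script?",
  '<script>alert(1)</script>',
];

function compare(input) {
  const escaped = escapeHtml(input);
  return {
    input,
    stripped: naiveStrip(input),              // what a strip filter would store
    escaped,                                  // what escaping writes into the page
    lossless: unescapeHtml(escaped) === input, // original text is recoverable
    inert: !/[<>]/.test(escaped),              // no tag delimiters left to parse
  };
}

for (const s of samples) console.log(compare(s));
```

Escaping makes every piece of markup display as text, so it does not by itself satisfy the question's requirement that users can enter HTML. It covers HTML text and quoted attribute values only.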