By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,916 Members | 1,068 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,916 IT Pros & Developers. It's quick & easy.

How to execute Html alone without executing script in the single text area

P: 2
Hi All,

I want to execute the html in ny text area. but it should not excute any scripts, evethandlers(like onload, onblur, onclick...).

Particular page should be safe from xss also excute some simple html tags.

How to strip script and eventhandlers alone from the user description

any one give me an idea how to proceed.
Jan 10 '08 #1
Share this Question
Share on Google+
1 Reply


gits
Expert Mod 5K+
P: 5,329
hi ...

as far as i understand the user could enter code in a textarea and you want to make a kind of preview and show the entered code directly in the browser? ... so now you want to avoid any execution of js that the user entered with his code?

first you could delete any <script>-nodes from the code ... in case it woud be coded into the handler-attributes it is a little bit more work ... you have to remove all that attributes and its values or overwrite it ... i think this would be the best way ... since i think the code should be stored in a DB later on?

kind regards
Jan 10 '08 #2

Post your reply

Sign in to post your reply or Sign up for a free account.