473,322 Members | 1,755 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

How to execute Html alone without executing script in the single text area

Hi All,

I want to execute the html in ny text area. but it should not excute any scripts, evethandlers(like onload, onblur, onclick...).

Particular page should be safe from xss also excute some simple html tags.

How to strip script and eventhandlers alone from the user description

any one give me an idea how to proceed.
Jan 10 '08 #1
1 1147
gits
5,390 Expert Mod 4TB
hi ...

as far as i understand the user could enter code in a textarea and you want to make a kind of preview and show the entered code directly in the browser? ... so now you want to avoid any execution of js that the user entered with his code?

first you could delete any <script>-nodes from the code ... in case it woud be coded into the handler-attributes it is a little bit more work ... you have to remove all that attributes and its values or overwrite it ... i think this would be the best way ... since i think the code should be stored in a DB later on?

kind regards
Jan 10 '08 #2

Sign in to post your reply or Sign up for a free account.

Similar topics

31
by: Manfred Kooistra | last post by:
If I have a document like this: <html> <head> <script language=javascript> window.location.href='file.php'; </script> </head> <body> body content
8
by: M.L. | last post by:
Hello. I created a form using JS validation with the form tag as follows: <form name="form1" action="dynaform.php" method="post" onsubmit="return pvg_sub();"> The js validation script sends...
1
by: 4umurali | last post by:
Hi All, I want to execute the html in ny text area. but it should not excute any scripts, evethandlers(like onload, onblur, onclick...). Particular page should be safe from xss also excute some...
10
by: happyse27 | last post by:
Hi All, I got this apache errors(see section A1 and A2 below) when I used a html(see section b below) to activate acctman.pl(see section c below). Section D below is part of the configuration...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.