terça-feira, 10 de julho de 2012

JavaScript Injection Fixed on Client

Hi,

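If you want to fix (escape) HTML in user input on the client, you can use the JavaScript code below. Keep in mind that client-side escaping can be bypassed by sending requests directly to the server, so the server must still validate input and encode output.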

//prevent HTML Injection
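/**
 * Escapes HTML-significant characters in a form value and replaces a small
 * set of punctuation characters with '-'.
 *
 * Security notes:
 * - The published listing shows the replacement targets already decoded
 *   (e.g. '&' replaced by '&'), which makes the escaping a no-op and leaves
 *   a broken quote literal. The entity strings are restored here.
 * - The accumulator in the listing is named `return`, a reserved word, so
 *   the listing does not parse; the result is now returned directly.
 * - This encoding is only appropriate for HTML text and quoted attribute
 *   values. It is not sufficient for values placed into script blocks,
 *   URLs, CSS or event-handler attributes.
 * - Code running in the browser is under the user's control. Treat this as
 *   a convenience; the server must still validate input and encode output.
 *
 * @param {string} str - Raw value, typically read from a form field.
 *   null/undefined yield an empty string; other values are coerced with
 *   String().
 * @returns {string} The escaped and normalised string.
 */
function fixInput(str) {
  if (str === null || str === undefined) {
    return "";
  }

  // '&' is part of the same single pass as the other characters, so the
  // ampersands introduced by the entities are never escaped a second time.
  var htmlEntities = {
    "&": "&amp;",
    '"': "&quot;",
    "'": "&#39;",
    "<": "&lt;",
    ">": "&gt;"
  };

  // Space, '?', ':', '|' and '.' become '-'. This is not an injection
  // defence; it looks like identifier/slug normalisation. Confirm with the
  // consumer of the value before relying on it.
  return String(str).replace(/[&"'<> ?:|.]/g, function (ch) {
    return Object.prototype.hasOwnProperty.call(htmlEntities, ch)
      ? htmlEntities[ch]
      : "-";
  });
}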


// Usage: read the form field, trim surrounding whitespace, then pass the
// value through fixInput before using it.
var inputOK = fixInput(
  $.trim(
    $("#formField").val()
  )
);

