Menu
How can I use JavaScript to prevent the user from entering these HTML tags in a textarea?
<style></style>
<script></script>
<embeded></embeded>
<img src="" />
484
There's a concern that sometimes is missed with respect to client side input validation with Javascript: It's possible for the validation process to be bypassed programatically, enabling the client to send tags (or in a more general sense, data) that your server-side script isn't expecting. For example, someone could write a mechanized scraper that sends a GET or POST request directly to your server-side script. Doing so bypasses the javascript input validation. If your server-side script isn't also checking for valid input, it could get ugly. In the worst case, a malicious user could take advantage of lax server-side scrubbing by possibly injecting data that would be harmful.
Javascript can, therefore, be used to 'encourage' well-behaved input, but it's not a substitute for rigorous server-side validation and scrubbing too.
189
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
