Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

remove HTML tags from user entry

Status
Not open for further replies.
knuckle05

knuckle05

Programmer
Dec 17, 2001
247
CA
Hi All,

I have a TEXTAREA field where users on my site will enter a personal bio. I want to disable them from entering HTML tags in there.

I know I could parse them out, but this could become a real pain. Is there any way to get the browser to just display the text as enetered? This would act at least as a deterrent, in that the HTML would not be processed...

thx !
 
Sort by date Sort by votes
This makes the tags useless (but still in the text)

cText = request.form("textareaField")
cText = replace( cText, &quot;<&quot; , &quot;[&quot; )
cText = replace( cText, &quot;>&quot; , &quot;]&quot; )







hth,
Foxbox
ttmug.gif
 
Upvote 0 Downvote
Try this to test:

Code: 
strMytext = &quot;This has <B> HTML </B>&quot;
Response.Write(strMyText & &quot;<br>&quot;)
strMytext = Server.HTMLEncode(strMyText)
Response.Write(strMyText & &quot;<br>&quot;)

Output looks like:

This has HTML
This has <B> HTML </B>
 
Upvote 0 Downvote
Just to add one more thing -

Stripping HTML is *very important* for preventing Cross-Site Scripting attacks.

However you choose to do it, do it.

Read up on Cross-Site Scripting. It's a vulerability for most sites, because of the way they do things.

For instance, paste this in your textbox and submit or paste it into the middle of a querystring on one of your pages:

Code: 
<script language='javascript'>alert(&quot;You Are Hacker Bait!&quot;);</script>

If you see the JS Box, you are vulnerable to Cross Site Scripting attacks..

If you are writing raw HTML to the browser - then you are vulnerable. Encode the user's input/output somewhere - either at the variables level or when it's writing something out to a browser.

Cross-Site Scripting and SQL Injection Attacks are the most prevalent vulnerablilties in people's web pages (not server - it's in the pages).

I suggest that you check into both of those as they can bite you in the butt sometime later..
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

penguinspeaks
  • Locked
  • Question
write HTML code within ASP line
Replies
1
Views
747
xwb
xwb
leifoet
  • Locked
  • Question
How to send HTML emails with ASP classic?
Replies
0
Views
775
leifoet
leifoet
penguinspeaks
  • Locked
  • Question
Start loop from a specified point
Replies
0
Views
475
penguinspeaks
penguinspeaks
JScannell
  • Locked
  • Question
SMTP emailing from localhost
Replies
1
Views
331
JScannell
JScannell
leifoet
  • Locked
  • Question
Convert Word text with images to html (problems)
Replies
1
Views
314
leifoet
leifoet

Part and Inventory Search

Sponsor

Back
Top