Filter HTML special characters and web URLs but allow entering email address and feedback into ASP.NET VB textbox

  • Question

  • User1078933006 posted

    Filter any website URLs and special HTML characters, but allow entering email addresses and user comments through a textbox. The textbox is used to gather user feedback. Could you please help me with this?

    Tuesday, October 9, 2018 3:59 AM

All replies

  • User-893317190 posted

    Hi Malaka92,

    It seems that you want to prevent XSS attacks.

    If so, you could use a built-in JS function to help you encode the HTML text.

    Below is my code. Please note that the code can't remove a website like helloworld.com because it may be part of a mail address like gmail@helloworld.com.

    If you only want to prevent XSS, you could leave the website and remove  code = code.replace(/(http\:\/\/|https\:\/\/)([a-z0-9][a-z0-9\-]*\.)+[a-z0-9][a-z0-9\-]*/g,'')

      <form id="form1" runat="server">
          <asp:TextBox ID="TextBox1" runat="server" TextMode="MultiLine" Width="200px" Height="200px" Text="<a href='www.helloword.com'></a><script>alert('hello')  <script> some@gmail.com   http://localhost.com">
          </asp:TextBox>
      </form>
      <script src="../Scripts/jquery-3.3.1.js"></script>
      <script>
          // HTML-encode a string by letting the browser serialize it as text
          function htmlEncode(html) {
              var temp = document.createElement("div");
              // handling browser compatibility
              (temp.textContent != undefined) ? (temp.textContent = html) : (temp.innerText = html);
              // use innerHTML to get encoded html content
              var output = temp.innerHTML;
              temp = null;
              return output;
          }

          // encode and filter the textbox content when it loses focus
          $("#TextBox1").blur(
              function () {
                  var code = htmlEncode($(this).val());
                  // use regex to remove all the website
                  code = code.replace(/(http\:\/\/|https\:\/\/)([a-z0-9][a-z0-9\-]*\.)+[a-z0-9][a-z0-9\-]*/g, '');
                  $(this).val(code);
              }
          );
      </script>

    And the content of the textbox after the textbox is blurred:

    &lt;a href='www.helloword.com'&gt;&lt;/a&gt;&lt;script&gt;alert('hello') &lt;script&gt; some@gmail.com

    Best regards,

    Ackerly Xu

    Wednesday, October 10, 2018 3:25 AM
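
The filtering the reply describes, as an added example that is not part of the original post or the poster's code: a DOM-free JavaScript version that removes URLs before encoding, and goes beyond the posted regex by also matching upper-case schemes, paths and query strings, and bare www. hosts while leaving email addresses intact. The function names and the sample string are constructed for illustration.

```javascript
// Added example, not from the original post. Function names are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that are significant in HTML text and attributes.
function htmlEncode(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// First alternative: http:// or https:// URLs (any case) up to the next
// whitespace, quote or angle bracket, so paths and query strings go too.
// Second alternative: bare "www." hosts, but only when the preceding
// character is not part of an email address (word char, '@', '.' or '-').
const URL_RE = /https?:\/\/[^\s<>"']+|(^|[^\w@.-])www\.[^\s<>"']+/gi;

function stripUrls(text) {
  // Keep the captured prefix character (if any) and drop the URL itself.
  return String(text).replace(URL_RE, (match, prefix) => prefix || '');
}

// Strip URLs on the raw text, then encode last so nothing left behind by the
// removal step can reach the page as markup.
function sanitizeFeedback(text) {
  return htmlEncode(stripUrls(text)).trim();
}

// Constructed sample, mirroring the textbox content used in the reply.
const sample = "<a href='www.helloword.com'></a><script>alert('hello')  <script> " +
  "some@gmail.com   http://localhost.com";
console.log(sanitizeFeedback(sample));
```

Anything done in the browser can be skipped by the sender, so the same filtering and encoding belongs in the server-side handler as well (for example HttpUtility.HtmlEncode in the VB code-behind) before the feedback is stored or rendered.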