User-893317190 posted
Hi Malaka92,
It seems that you want to prevent XSS attacks.
If so, you could use a built-in JS function to help you encode the HTML text.
Below is my code. Please note that the code can't remove a website like
helloworld.com because it may be part of a mail address such as
gmail@helloworld.com.
If you only want to prevent XSS, you could leave the website and remove the line
code= code.replace(/(http\:\/\/|https\:\/\/)([a-z0-9][a-z0-9\-]*\.)+[a-z0-9][a-z0-9\-]*/g,'')
<form id="form1" runat="server">
    <asp:TextBox ID="TextBox1" runat="server" TextMode="MultiLine" Width="200px" Height="200px" Text="<a href='www.helloword.com'></a><script>alert('hello') <script> some@gmail.com http://localhost.com" >
    </asp:TextBox>
</form>
<script src="../Scripts/jquery-3.3.1.js"></script>
<script>
    function htmlEncode(html) {
        var temp = document.createElement("div");
        // handling browser compatibility: assign the input as plain text, never as markup
        (temp.textContent != undefined) ? (temp.textContent = html) : (temp.innerText = html);
        // use innerHTML to get encoded html content
        var output = temp.innerHTML;
        temp = null;
        return output;
    }

    // encode the textbox value when the textbox loses focus
    $("#TextBox1").blur(
        function () {
            var code = htmlEncode($(this).val());
            // use regex to remove all the website
            code = code.replace(/(http\:\/\/|https\:\/\/)([a-z0-9][a-z0-9\-]*\.)+[a-z0-9][a-z0-9\-]*/g, '');
            $(this).val(code);
        }
    );
</script>
And here is the content of the textbox after the textbox is blurred.
<a href='www.helloword.com'></a><script>alert('hello') <script> some@gmail.com
Best regards,
Ackerly Xu
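
An added example, not part of the original post: a DOM-free version of the encode-and-strip step that also escapes quotes, run on the textbox value from the post, plus a check of what encoding an already encoded value produces. The function and constant names are hypothetical; the URL pattern is the one from the post.

```javascript
// Added example, not code from the original post. All names are hypothetical.

// Escape the five characters that matter in HTML text and in quoted attributes.
// The textContent/innerHTML approach escapes &, < and > but leaves quotes as
// they are, which is not enough when the value ends up inside an attribute.
const ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;'
};

function htmlEncode(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Same URL pattern as in the post (only the redundant escapes are dropped).
const URL_PATTERN = /(http:\/\/|https:\/\/)([a-z0-9][a-z0-9-]*\.)+[a-z0-9][a-z0-9-]*/g;

function stripUrls(text) {
  return String(text).replace(URL_PATTERN, '');
}

// Strip URLs from the raw text first, then encode once for display.
// Keeping the raw value as the source of truth avoids re-encoding on every event.
function toDisplayHtml(raw) {
  return htmlEncode(stripUrls(raw));
}

// Constructed sample input: the textbox value used in the post.
const sample =
  "<a href='www.helloword.com'></a><script>alert('hello') <script> " +
  "some@gmail.com http://localhost.com";

console.log(toDisplayHtml(sample));

// Encoding a value that is already encoded (for example, writing the encoded
// text back into the field and encoding it again on the next blur) escapes
// the ampersands of the existing entities a second time.
console.log(htmlEncode(htmlEncode('<b>')));
```
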