Allow HTML input in form field WITH Cross-Site scripting security

Earl Teigrob

I want to allow users to input html (via a rich text box) or directly, into
a form field, save it in a data store and then output that html to the
browser, but not allow cross-site scripting.

What is the minimum that I need to filter to prevent cross-site scripting?
Can it check for any occurrence of the "<script" tag and alter it so that no
usable javascript can be inserted with the HTML?

Thanks

Earl
 
