Prevent quotes in form text area

Cues Plus

Hello,

I have a simple form text area for people to add comments in. The problem is
that using the standard
<TEXTAREA NAME="comments" ROWS=4 COLS=35></TEXTAREA>

Allows people to put in quotes like: Please ensure "bob" is listed as the
first name not "bobby".

When that happens, the next processing of the text area input is submitted
as another variable. In the example above the first set of quotes in front
of bob then end the variable.

What I need is a way to either strip the quotes or prevent them from being
input in the first place.

Any ideas?

Thank you,

Michael
--


http://www.cuesplus.com
http://www.cuesplusbilliards.com
http://www.stixplus.com
(remove SPAMBLOCK if replying by e-mail)
 
Grant Wagner

Cues said:
Hello,

I have a simple form text area for people to add comments in. The problem is
that using the standard
<TEXTAREA NAME="comments" ROWS=4 COLS=35></TEXTAREA>

Allows people to put in quotes like: Please ensure "bob" is listed as the
first name not "bobby".

When that happens, the next processing of the text area input is submitted
as another variable. In the example above the first set of quotes in front
of bob then end the variable.

What I need is a way to either strip the quotes or prevent them from being
input in the first place.

Any ideas?

Thank you,

Michael

The value of the textarea could possibly contain new line characters as well,
which can lead to things like:

var s = "This is line 1 of the textarea and
this is line two of the text area";

So store the textarea in its entirety, then when putting it back into a
variable, escape double-quotation marks and turn new lines and returns into \n
and \r:

s = <outputOfTheTextarea>.replace(/\x22/g, '\\"').replace(/\n/g, '\\n').replace(/\r/g, '\\r');

--
| Grant Wagner <[email protected]>

* Client-side Javascript and Netscape 4 DOM Reference available at:
*
http://devedge.netscape.com/library/manuals/2000/javascript/1.3/reference/frames.html

* Internet Explorer DOM Reference available at:
*
http://msdn.microsoft.com/workshop/author/dhtml/reference/dhtml_reference_entry.asp

* Netscape 6/7 DOM Reference available at:
* http://www.mozilla.org/docs/dom/domref/
* Tips for upgrading JavaScript for Netscape 7 / Mozilla
* http://www.mozilla.org/docs/web-developer/upgrade_2.html
 
Lee

Cues Plus said:
Hello,

I have a simple form text area for people to add comments in. The problem is
that using the standard
<TEXTAREA NAME="comments" ROWS=4 COLS=35></TEXTAREA>

Allows people to put in quotes like: Please ensure "bob" is listed as the
first name not "bobby".

When that happens, the next processing of the text area input is submitted
as another variable. In the example above the first set of quotes in front
of bob then end the variable.

What I need is a way to either strip the quotes or prevent them from being
input in the first place.

You must never rely on client-side code to ensure that form
input is valid. You don't know that your customer even has
JavaScript enabled.

What you really need to do is to fix your CGI script so that
it handles the input correctly.
 
@SM

Cues Plus wrote:
Hello,

I have a simple form text area for people to add comments in. The problem is
that using the standard
<TEXTAREA NAME="comments" ROWS=4 COLS=35></TEXTAREA>

Allows people to put in quotes like: Please ensure "bob" is listed as the
first name not "bobby".

What I need is a way to either strip the quotes or prevent them from being
input in the first place.

Try :

<textarea onchange="this.value=this.value.replace(/&quot;/g,'|');"></textarea>
or
<textarea onchange="this.value=this.value.replace(/\x22/g,'|');"></textarea>
 
Cues Plus

I understand that completely... The problem is not really with the CGI
script because it is designed to spit out exactly what was put in. The
problem lies with the form the CGI script feeds. (I could fix the CGI if I
had access to it though).

The problem is mostly cosmetic without JavaScript enabled anyway... Without
it (and if someone used quotes) the output on the screen would look like:

">

But if I could get the quotes stripped out it would just show a blank line
like it is supposed to.

Thanks for the input but so far I'm not able to use any suggestions
successfully.

Michael
 
Lasse Reichstein Nielsen

Cues Plus said:
I understand that completely... The problem is not really with the CGI
script because it is designed to spit out exactly what was put in.

That *is* a problem. Simply spitting out what comes in will not
generate valid HTML. The output of the CGI-script is used as HTML,
so it should be HTML.

/L
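
Added example, not part of any post in this thread: the output encoding the replies above ask of the CGI script, once for an HTML attribute value and once for a JavaScript string literal (the context Grant Wagner's reply deals with). The function names and the hidden-field template are assumptions; the thread does not show the real form or script.

```javascript
// Added example: names and the hidden-field template are assumptions.

// Encode text for HTML element content or a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Encode text as a JavaScript string literal that can sit in an inline script.
function toJsStringLiteral(text) {
  return JSON.stringify(String(text))   // escapes ", \, \n, \r and control chars
    .replace(/</g, '\\u003c')           // "</script>" can no longer end the element
    .replace(/\u2028/g, '\\u2028')      // line separators that older engines
    .replace(/\u2029/g, '\\u2029');     // treat as newlines inside a literal
}

// A script that writes the submitted value back unchanged.
function renderFieldRaw(comment) {
  return '<input type="hidden" name="comments" value="' + comment + '">';
}

// The same template with the value encoded for its HTML context.
function renderFieldEncoded(comment) {
  return '<input type="hidden" name="comments" value="' + escapeHtml(comment) + '">';
}

// Read the value back roughly as an HTML parser would for a double-quoted
// attribute: stop at the first ", then decode the entities used above.
function parsedValue(html) {
  const raw = /value="([^"]*)"/.exec(html)[1];
  return raw.replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&amp;/g, '&');
}

// Constructed sample input: the comment from the question, on two lines.
const comment = 'Please ensure "bob" is listed as the\nfirst name not "bobby".';

console.log(JSON.stringify(parsedValue(renderFieldRaw(comment))));
console.log(JSON.stringify(parsedValue(renderFieldEncoded(comment))));
console.log('var s = ' + toJsStringLiteral(comment) + ';');
```

The raw template loses everything from the first quotation mark onward, while the encoded one returns the comment intact, quotes and line break included.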
 
Lee

Cues Plus said:
I understand that completely... The problem is not really with the CGI
script because it is designed to spit out exactly what was put in.

That's exactly the problem with the script.
It should have more intelligence.
 
Cues Plus

Irrelevant to the discussion though. Which is: how to prevent people from
putting in quotes in a textarea of a form or to convert the quotes to
something else.

Michael
 
