How to stop someone uploading a script in textarea?

Question

I have a situation where users can submit feedback through a textarea on a HTML page or JSP. This works fine and the text ends up in the database.

But, can anyone suggest any safeguards which could prevent somebody trying to submit malicious scripts which could possibly affect the page's behaviour?

I am aware of parsing the text entered and converting any < to '&LT'; and > to '&GT'; But is there anything more I could do to validate the entered text?

Thanks

Mr Morgan

this was already asked here: http://stackoverflow.com/questions/761588/how-best-to-sanitize-input-in-java-webapp — dave, Aug 03 '10 at 19:48

score 0 · Accepted Answer · edited May 23 '17 at 10:32

0

Check this out: Recommended method for escaping HTML in Java

See Apache StringEscapeUtils

escapeJavaScript and escapeHtml

edited May 23 '17 at 10:32

Community

1
1

answered Aug 03 '10 at 19:50

Joelio

4,621
6
44
80

How to stop someone uploading a script in textarea?

1 Answers1