0

How can I prevent a script from executing in text boxes, by using jQuery?

Here is my complete problem:

I want to send a message to someone using jQuery; if I entered a script tags like a, href, script, etc. they are not appearing in the other's message. How can I prevent this?

David Thomas
  • 249,100
  • 51
  • 377
  • 410
  • 3
    Your question makes little sense in its current form. Please try to explain your problem in more detail, providing code where relevant. – Jamiec Mar 17 '11 at 12:00
  • @jamiec i want to ping some code to my friend ..but the html tags in the text are not appearing to my friend –  Mar 17 '11 at 12:02
  • Explain "ping some code" - that could mean a whole bunch of stuff. – Jamiec Mar 17 '11 at 12:04
  • like ... me :hi james is it my code correct in home page ?? i'm sending the html code i written html input type=text........ ............. but in the receiving end that code not appearing .. –  Mar 17 '11 at 12:08

2 Answers2

1

The question you should be asking is:

How can I render text containing HTML as text instead of HTML?

As your examples are all about HTML, not script.

Since you are using jQuery, add it to the document using $element.text(text) and not $element.html(text).

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
0

You need to Encode the text written by the users.

Most common way is doing it server side, for example using ASP you'll need to:

strData = Server.HTMLEncode(strData);

And then if the data contains <b>hello</b> the users will see it literally.

To do it client side: HTML-encoding lost when attribute read from input field

Community
  • 1
  • 1
Shadow The GPT Wizard
  • 66,030
  • 26
  • 140
  • 208