How to Validate Javascript injection in a Textbox

Asked Aug 12 '19 at 11:23

Active Aug 12 '19 at 11:35

Viewed 990 times

I want code which can validate true or false, based on a condition. If my textbox value contains any js injection,

example:

var str = "alert('text')"

how do I know if the str is a normal text or it really contains javascript code in it?

edited Aug 12 '19 at 11:25

Nick Parsons

asked Aug 12 '19 at 11:23

jyotisman

2

Possible duplicate of [Javascript XSS Prevention](https://stackoverflow.com/questions/12799539/javascript-xss-prevention) – Nick Parsons Aug 12 '19 at 11:26
You should really do XSS prevention in the back-end rather than the front-end (see: https://stackoverflow.com/questions/1996122/how-to-prevent-xss-with-html-php) – Nick Parsons Aug 12 '19 at 11:27
Do you *want* code in your textbox? It's unclear. If you just want to check `true` or `false`, then try `text === "true"` or `text === "false"`. If you expect code, then it becomes a lot more complex. – VLAZ Aug 12 '19 at 11:27
You need to validate the XSS at server end instead of frontend – Rishab Aug 12 '19 at 11:38

0 Answers0