
I have multiple HTML forms running on my application and I have found some issues: when I insert any JavaScript code inside the input fields, the values get submitted, but when I open the same data in view mode it behaves like a script, not like values.

For example, I have this form:

<form>
   <input type='text' name='name'/>
</form>

and now if I add any script data:

<script>
   alert("hello world");
</script>

Submitting the form works fine, but opening the record in view mode shows an alert box.
When I open the data, I am treating it as simple HTML text, not in the input fields, so it looks like plain text.

For example:

<span>
     <script>alert('hello world')</script>
</span>

What can I do to prevent the data from behaving like a script?

bhpsh
  • The problem isn't the submission or storage per se (albeit filtering would be one option), but in how it's output later on (lack of escaping). – mario Sep 09 '19 at 15:08
  • You can have a hidden object like: This element you can use to detect the behavior. – Luis jorquera Sep 09 '19 at 15:39

0 Answers