How to stop a webpage from executing javascript that resides inside a textarea or as value to input (type text) ?

Question

I have an anoying problem with a page. If I have a textarea or textbox with its value (set on serverside) to eg. "alert('hello');" that script is executed upon load of the page.

Well why dont you encode the string before you set it as value to the textbox you ask? Then special characters like åäö will also be encoded and thats a solution that works for me.

Anyone have any clue how to solve this?

Answer 1

I'm not sure if I understand correctly, but I gather that you output the textarea contents as html upon form submit? If you are using php, just run the textarea contents through http://www.php.net/htmlspecialchars to fix the issue while preserving the characters you don't want to lose.

Other scripting languages should have simillar funcitons, or in the worst case, writing your own should not pose a problem.

Answer 2

Sorry for all convenience, I solved it, the problem was that I focused on the textbox but the problem was that the same text was applied to a hidden div so that script was the executing one. Well well thank you anyways.