tags:

views:

51

answers:

1
Q: 

How to stop someone uploading a script in textarea?

Hello

I have a situation where users can submit feedback through a textarea on a HTML page or JSP. This works fine and the text ends up in the database.

But, can anyone suggest any safeguards which could prevent somebody trying to submit malicious scripts which could possibly affect the page's behaviour?

I am aware of parsing the text entered and converting any < to '&LT'; and > to '&GT'; But is there anything more I could do to validate the entered text?

Thanks

Mr Morgan

A: 

Check this out: http://stackoverflow.com/questions/1265282/recommended-method-for-escaping-html-in-java

See Apache StringEscapeUtils

escapeJavaScript and escapeHtml

Joelio  2010-08-03 19:50:59
Many thanks. This looks to be what I need.
Mr Morgan  2010-08-03 20:14:55

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?