-Karl- Posted May 22, 2010

I have an input form, with an isset for PHP. However, when a user inputs "<script>alert(document.cookie)%3B<%2Fscript>" into the box, it will do as the JavaScript asks. I was wondering what a good way would be to block this.

Pikachu2000 Posted May 22, 2010

strip_tags()

mikesta707 Posted May 22, 2010

Alternatively you can use htmlentities()

The difference is that strip tags simply removes all tags in a string, while html entities will turn the html into their respective entities (click the link for more info on what exactly entities are.)

So if someone put in

<script> // imma h4x0r j00 </script>

strip tags would make it look like

//imma h4xor j00

while html entities will make it look like

<script> // imma h4x0r j00 </script>

but that won't execute, it will just output to the page.

-Karl- (Author) Posted May 23, 2010

Tried both even before posting this, and the JavaScript was still executed.

kenrbnsn Posted May 23, 2010

If you don't show us your code, we can't tell you what's wrong.

Ken

-Karl- (Author) Posted May 23, 2010

It's marked as solved.

kenrbnsn Posted May 23, 2010

> Tried both even before posting this, and the Javascript was still executed.

You said that and never said how you solved it. Some people mark topics solved by mistake. If it's solved, say how.

Ken

Rustywolf Posted May 23, 2010

htmlspecialchars()

It works for me. Also, make sure you do it like this:

$msg = htmlspecialchars($msg);

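The functions named in this thread return a new string and leave their argument untouched, which is why the assignment in the last reply matters. The PHP below is an added example, not code posted by anyone in the thread: it runs the input from the first post through each function and shows two ways the escaping can be skipped without any error. The helper e() and all variable names are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample: the first post's input as PHP sees it after
// URL-decoding the form body (%3B is ";" and %2F is "/").
$submitted = urldecode('<script>alert(document.cookie)%3B<%2Fscript>');

// Hypothetical helper (not from the thread): escape for HTML output.
function e(string $value): string
{
    // ENT_QUOTES also encodes ' and ", needed inside attribute values.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Mistake 1: the return value is discarded, so $msg is unchanged.
$msg = $submitted;
htmlspecialchars($msg);
$discarded = $msg;

// Mistake 2: a cleaned copy exists, but the original is what gets echoed.
$clean = e($submitted);
$wrongVariable = $submitted;

// Correct: assign the result (as in the last reply) and output that value.
$msg = e($submitted);

$rows = [
    'return value discarded' => $discarded,
    'wrong variable echoed'  => $wrongVariable,
    'strip_tags()'           => strip_tags($submitted),
    'htmlentities()'         => htmlentities($submitted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
    'htmlspecialchars()'     => $msg,
];

foreach ($rows as $label => $output) {
    // Simple check for this sample only: a literal "<script" left in the
    // output means the browser would parse it as a tag.
    $verdict = stripos($output, '<script') !== false ? 'executes' : 'inert';
    printf("%-24s %-9s %s\n", $label, $verdict, $output);
}
```

Run with the PHP CLI; the first two rows still contain the literal tag, while the last three are rendered as plain text.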
This topic is now archived and is closed to further replies.