Check Form Content for HTML Before Submit

I need some code that will check all the fields on a booking form to make sure they don't contain HTML before the form is submitted. In other words, if any field on the form contains < or > then I don't want the form to be submitted.

Can you please provide code.
Asked by slamhound
 
gnoon commented:
<script language="javascript">

function check(theForm) {
  for(var i=0; i<theForm.elements.length; i++) {
    var element = theForm.elements[i];
    if(/<(\S+).*>(.*)<\/\1>/.test(element.value)) {
      alert('A html tag is detected!');
      element.focus();
      return false;
    }
  }
  return true;
}

</script>

<form action="..." name="booking" onsubmit="return check(this)">

Hope this helps.
0
 
gnoon commented:
Sorry, it should be

// Matches any value that contains < or >
if(/[<>]/.test(element.value)) {
0
 
cezarF commented:
try this to loop thru all inputs and not all form elements ...

<script>
function checkHTML(){
    // Look at every <input> on the page, not just one form's elements
    var inputs = document.getElementsByTagName('input');
    for(var k=0;k<inputs.length;k++){
        var input = inputs[k];
        if(input.type == 'text'){
            // Reject as soon as any text input contains < or >
            if (input.value.indexOf(">") > -1 || input.value.indexOf("<") > -1){
                return false;
            }
        }
    }
    return true;
}
</script>
0
 
b0lsc0tt (IT Manager) commented:
I hope you aren't just depending on JavaScript. You should make sure you have a server script to do this too.

The best would be to have the JavaScript search the specific fields. However, if you want a script that won't care and will look at any fields, then ...

function checkFields(frm) {
    for (var i=0; i<frm.elements.length; i++) {
        // Only text inputs and textareas are cleaned
        if (frm.elements[i].type == 'text' || frm.elements[i].type == 'textarea') {
            // Remove anything that looks like <...> from the field value
            frm.elements[i].value = frm.elements[i].value.replace(/<[^>]+>/g, "");
        }
    }
}

You should run the function as part of the submit process.  Your form tag can look like ...

<form [your attributes] onsubmit="checkFields(this);">

This will search text inputs and textareas. You can add other field types if needed, but that should cover them. Also, it just removes the HTML but will still allow the form to be submitted. If you'd rather reject it, then let me know.

Let me know if you have a question or need more info.

bol
0
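Added example (not part of any post above): a server-side version of the check that b0lsc0tt recommends having alongside the JavaScript, written for Node.js with no dependencies. The function names, field names and sample request bodies are constructed for illustration.

```javascript
// Server-side re-check of a submitted booking form (added example).
// An onsubmit handler only runs in the browser; a request posted directly
// to the form's action URL never passes through it, so the server applies
// the same "no < or >" rule itself.

// True if a decoded field value contains < or >.
function containsMarkup(value) {
  return /[<>]/.test(String(value));
}

// Validates an application/x-www-form-urlencoded request body.
// URLSearchParams decodes first, so "%3C" is checked as "<", and iterating
// the entries (instead of building an object) also covers repeated fields.
function validateBooking(rawBody) {
  const rejected = [];
  for (const [name, value] of new URLSearchParams(rawBody)) {
    if (containsMarkup(value) && !rejected.includes(name)) {
      rejected.push(name);
    }
  }
  return { ok: rejected.length === 0, rejected };
}

// Output encoding for values that are later written into an HTML page.
// This is applied at display time regardless of what input validation did.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed sample submissions (field names are hypothetical).
const clean = validateBooking('name=Ann+Lee&date=2024-05-01&notes=Window+seat');
const tagged = validateBooking('name=Ann&notes=%3Cb%3Ehello%3C%2Fb%3E');
const repeated = validateBooking('notes=fine&notes=a%3Eb');

console.log('clean:', clean.ok, clean.rejected);
console.log('tagged:', tagged.ok, tagged.rejected);
console.log('repeated:', repeated.ok, repeated.rejected);
console.log(escapeHtml('<b>hello</b>'));
```

The server should refuse the booking when `ok` is false and return the names in `rejected` so the page can point the user at the offending fields.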
Question has a verified solution.
