Solved

Check Form Content for HTML Before Submit

Posted on 2007-11-14
4
1,413 Views
Last Modified: 2012-06-27
I need some code that will check all the fields on a booking form to make sure they don't contain HTML before the form is submitted. In other words, if any field on the form contains < or > then I don't want the form to be submitted.

Can you please provide code.
0
Comment
Question by:slamhound
  • 2
4 Comments
 
LVL 16

Accepted Solution

by:
gnoon earned 500 total points
ID: 20286575
<script language="javascript">

function check(theForm) {
  for(var i=0; i<theForm.elements.length; i++) {
    var element = theForm.elements[i];
    if(/<(\S+).*>(.*)<\/\1>/.test(element.value)) {
      alert('A html tag is detected!');
      element.focus();
      return false;
    }
  }
  return true;
}

</script>

<form action="..." name="booking" onsubmit="return check(this)">

Hope this help.
0
 
LVL 16

Expert Comment

by:gnoon
ID: 20286630
Sorry, it should be

if(/<*.*>*/.test(element.value)) {
0
 
LVL 14

Expert Comment

by:cezarF
ID: 20286658
try this to loop thru all inputs and not all form elements ...

<script>
function checkHTML(){
    var inputs = document.getElementsByTagName('input');
      for(var k=0;k<inputs.length;k++){
            var input = inputs[k]
            if(input.type == 'text'){
                  if (input.value.infexOf(">") > -1 || input.value.infexOf("<") > -1){
                        return false;
                  }
            }
      }
      return true;
}
</script>
0
 
LVL 54

Expert Comment

by:b0lsc0tt
ID: 20287356
I hope you aren't just depending on Javascript.  You should make sure you have server script to do this too.

The best would be to have the javascript search the specific fields.  However if you want script that won't care and look at any fields then ...

function checkFields(frm) {
      for (var i=0; i<frm.elements.length; i++) {
            if (frm.elements[i].type == 'text' || frm.elements[i].type == 'textarea') {
                  frm.elements[i].value = frm.elements[i].value.replace(/<[^>]+>/g, "");
            }
      }
}

You should run the function as part of the submit process.  Your form tag can look like ...

<form [your attributes] onsubmit="checkFields(this);">

This will search text inputs and textareas.  You can add other field types if needed but that should cover them.  Also it just removes the html but will still allow the form to be submitted.  If you'd rather reject it then let me know.

Let me know if you have a question or need more info.

bol
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today I would like to talk about localizing (Internationalization) JavaScript applications. Introduction When creating an application that is going to be used by many people around the globe, it is important to remember that not everyone speak…
Having worked on larger scale sites, we found out that you are bound to look at more scalable solutions to integrating widgets, code snippets or complete applications and mesh them into functional sites, in any given composition. To share some of…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question