Solved

Check Form Content for HTML Before Submit

Posted on 2007-11-14
4
1,410 Views
Last Modified: 2012-06-27
I need some code that will check all the fields on a booking form to make sure they don't contain HTML before the form is submitted. In other words, if any field on the form contains < or > then I don't want the form to be submitted.

Can you please provide code.
0
Comment
Question by:slamhound
  • 2
4 Comments
 
LVL 16

Accepted Solution

by:
gnoon earned 500 total points
ID: 20286575
<script language="javascript">

function check(theForm) {
  for(var i=0; i<theForm.elements.length; i++) {
    var element = theForm.elements[i];
    if(/<(\S+).*>(.*)<\/\1>/.test(element.value)) {
      alert('A html tag is detected!');
      element.focus();
      return false;
    }
  }
  return true;
}

</script>

<form action="..." name="booking" onsubmit="return check(this)">

Hope this help.
0
 
LVL 16

Expert Comment

by:gnoon
ID: 20286630
Sorry, it should be

if(/<*.*>*/.test(element.value)) {
0
 
LVL 14

Expert Comment

by:cezarF
ID: 20286658
try this to loop thru all inputs and not all form elements ...

<script>
function checkHTML(){
    var inputs = document.getElementsByTagName('input');
      for(var k=0;k<inputs.length;k++){
            var input = inputs[k]
            if(input.type == 'text'){
                  if (input.value.infexOf(">") > -1 || input.value.infexOf("<") > -1){
                        return false;
                  }
            }
      }
      return true;
}
</script>
0
 
LVL 54

Expert Comment

by:b0lsc0tt
ID: 20287356
I hope you aren't just depending on Javascript.  You should make sure you have server script to do this too.

The best would be to have the javascript search the specific fields.  However if you want script that won't care and look at any fields then ...

function checkFields(frm) {
      for (var i=0; i<frm.elements.length; i++) {
            if (frm.elements[i].type == 'text' || frm.elements[i].type == 'textarea') {
                  frm.elements[i].value = frm.elements[i].value.replace(/<[^>]+>/g, "");
            }
      }
}

You should run the function as part of the submit process.  Your form tag can look like ...

<form [your attributes] onsubmit="checkFields(this);">

This will search text inputs and textareas.  You can add other field types if needed but that should cover them.  Also it just removes the html but will still allow the form to be submitted.  If you'd rather reject it then let me know.

Let me know if you have a question or need more info.

bol
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This article shows how to create and access 2-dimensional arrays in JavaScript.  It includes a tutorial in case you are just trying to "get your head wrapped around" the concept and we'll also look at some useful tips for more advanced programmers. …
Boost your ability to deliver ambitious and competitive web apps by choosing the right JavaScript framework to best suit your project’s needs.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now