Solved

ASP Form Validation, disallow HTML

Posted on 2009-02-12
Last Modified: 2012-05-06
Hi,
I have a contact form in ASP which will send the input to my email and a cc to the user's email. There is a memo field in the form; I would like to disallow users from using HTML and other scripts. We receive a lot of spam!

Is there a way to rebuild the following code? The name of the memo field is email_memo

Thanks for the response!
<script language="javascript" type="text/javascript">
<!--
document.oncontextmenu = function(){return false};
function MM_validateForm() { //v4.0
  if (document.getElementById){
    var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments;
    for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=document.getElementById(args[i]);
      if (val) { nm=val.name; if ((val=val.value)!="") {
        if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
          if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n';
        } else if (test!='R') { num = parseFloat(val);
          if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
          if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
            min=test.substring(8,p); max=test.substring(p+1);
            if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n';
      } } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is een verplicht veld!.\n'; }
    } if (errors) alert('Er is iets mis gegaan:\n'+errors);
    document.MM_returnValue = (errors == '');
} }
//-->
</script>

Question by:hanskoens
2 Comments
 
Accepted Solution
by: sunithnair earned 375 total points
ID: 23620339
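Try this JavaScript. I would recommend removing HTML tags using ASP as well, or use Server.HTMLEncode to encode the string before sending the email. JavaScript can be disabled in the browser, in which case the validation will not work.
<script type="text/javascript">
// Matches an HTML-like tag anywhere in the input, including across line breaks.
// (The earlier pattern "^(?!<[^>]*>).*$" only looked at the start of the text
// and failed on any multi-line input.)
var regEx = /<[^>]*>/;
function CheckHtml()
{
  // Client-side check only: it does not run when JavaScript is disabled.
  if (regEx.test(document.getElementById("txtBox").value))
    alert("Error");
}
</script>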
<body>
<textarea id="txtBox"></textarea>
<input type="button" onclick="CheckHtml()" value="Test" />
</body>


Expert Comment

by:R_Harrison
ID: 23621603
The attached function might be useful for your ASP side. Simply call the function to remove all HTML and SCRIPT from the variable like below.

message=stripHTML(message)
Function stripHTML(strHTML)
  'Convert <BR> to crlf
  strHTML=Replace(strHTML, "<br>", vbcrlf)
  strHTML=Replace(strHTML, "<BR>", vbcrlf)
  strHTML=Replace(strHTML, "<p>", vbcrlf)
  strHTML=Replace(strHTML, "<P>", vbcrlf)
  'Strips the HTML tags from strHTML
  Dim objRegExp, strOutput
  Set objRegExp = New Regexp
  objRegExp.IgnoreCase = True
  objRegExp.Global = True
  objRegExp.Pattern = "<(.|\n)+?>"
  'Replace all HTML tag matches with the empty string
  strOutput = objRegExp.Replace(strHTML, "")
  'Replace all < and > 
  strOutput = Replace(strOutput, "<", "")
  strOutput = Replace(strOutput, ">", "")
  stripHTML = strOutput    'Return the value of strOutput
  Set objRegExp = Nothing
  stripHTML = replace(stripHTML, "&nbsp;", " ")
End Function

0
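
The two server-side suggestions in this thread (stripping tags with a regex, or encoding with Server.HTMLEncode) treat ordinary text containing `<` or `>` differently. The following is an added example, not code from any poster: JavaScript ports run on constructed memo strings, where `stripHtml`, `htmlEncode` and `compareApproaches` are hypothetical names and `htmlEncode` is a minimal stand-in for Server.HTMLEncode that covers only `&`, `<`, `>` and `"`.

```javascript
// Added illustration: compare "strip tags" with "encode" on the memo field.
// All names and sample inputs below are constructed for this example.

// Port of the stripHTML function posted in the thread (same pattern and steps).
function stripHtml(s) {
  s = s.replace(/<br>|<BR>|<p>|<P>/g, "\r\n"); // <br>/<p> become line breaks
  s = s.replace(/<(.|\n)+?>/gi, "");           // remove anything tag-shaped
  s = s.replace(/</g, "").replace(/>/g, "");   // drop leftover angle brackets
  return s.replace(/&nbsp;/g, " ");
}

// Stand-in for Server.HTMLEncode (assumption: only these four characters).
// "&" must be replaced first so the other entities are not double-encoded.
function htmlEncode(s) {
  return s.replace(/&/g, "&amp;")
          .replace(/</g, "&lt;")
          .replace(/>/g, "&gt;")
          .replace(/"/g, "&quot;");
}

// Constructed memo inputs: a spam link, harmless text with < and >, and a <br>.
const SAMPLE_MEMOS = [
  'Visit <a href="http://spam.example/">our site</a> now',
  'Is 3 < 5 and 7 > 2?',
  'Line one<br>Line two',
];

// Returns, for each memo, what each approach would place in the e-mail body.
function compareApproaches(memos) {
  return memos.map(function (memo) {
    return { input: memo, stripped: stripHtml(memo), encoded: htmlEncode(memo) };
  });
}

compareApproaches(SAMPLE_MEMOS).forEach(function (r) {
  console.log(JSON.stringify(r));
});
```

Stripping deletes the harmless text between `<` and `>` in the second memo, while encoding keeps every character and renders the markup inert in an HTML e-mail.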
