ASP Form Validation, disallow HTML

hanskoens asked
Last Modified: 2012-05-06
Hi,
I have a contact form in ASP which will send the input to my email and a cc to the user's email. There is a memo field in the form; I would like to disallow users from using HTML and other scripts. We receive a lot of spam!

Is there a way to rebuild the following code? The name of the memo field is email_memo

Thanks for the response!
<script language="javascript" type="text/javascript">
<!--
document.oncontextmenu = function(){return false};
function MM_validateForm() { //v4.0
  if (document.getElementById){
    var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments;
    for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=document.getElementById(args[i]);
      if (val) { nm=val.name; if ((val=val.value)!="") {
        if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
          if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n';
        } else if (test!='R') { num = parseFloat(val);
          if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
          if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
            min=test.substring(8,p); max=test.substring(p+1);
            if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n';
      } } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is een verplicht veld!.\n'; }
    } if (errors) alert('Er is iets mis gegaan:\n'+errors);
    document.MM_returnValue = (errors == '');
} }
//-->
</script>


Try this JavaScript. I would recommend removing HTML tags using ASP as well, or use Server.HTMLEncode to encode the string before sending the email. JavaScript can be disabled in the browser, in which case the validation will not work.
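<script language='javascript'>
// Matches only when no tag-shaped text (<...>) appears anywhere in the input;
// [\s\S] is used so that line breaks in the textarea are covered too.
var regEx=/^(?![\s\S]*<[^>]*>)[\s\S]*$/;
function CheckHtml()
{
  if(!regEx.test(document.getElementById("txtBox").value))
    alert("Error");
}
</script>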
<body>
<textarea id="txtBox"></textarea>
<input type="button" onclick="CheckHtml()" value="Test" />
</body>

The attached function might be useful for your ASP side. Simply call the function to remove all HTML and SCRIPT from the variable like below.

message=stripHTML(message)
Function stripHTML(strHTML)
  'Convert <BR> to crlf
  strHTML=Replace(strHTML, "<br>", vbcrlf)
  strHTML=Replace(strHTML, "<BR>", vbcrlf)
  strHTML=Replace(strHTML, "<p>", vbcrlf)
  strHTML=Replace(strHTML, "<P>", vbcrlf)
  'Strips the HTML tags from strHTML
  Dim objRegExp, strOutput
  Set objRegExp = New Regexp
  objRegExp.IgnoreCase = True
  objRegExp.Global = True
  objRegExp.Pattern = "<(.|\n)+?>"
  'Replace all HTML tag matches with the empty string
  strOutput = objRegExp.Replace(strHTML, "")
  'Replace all < and > 
  strOutput = Replace(strOutput, "<", "")
  strOutput = Replace(strOutput, ">", "")
  stripHTML = strOutput    'Return the value of strOutput
  Set objRegExp = Nothing
  stripHTML = replace(stripHTML, "&nbsp;", " ")
End Function
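
The first answer points out that the browser check does not run when JavaScript is disabled, so the memo text has to be handled again on the server. The sketch below is an added example, not code from either answer: it ports the tag check and the stripHTML approach to JavaScript and sets them beside an escape step along the lines of Server.HTMLEncode, run over constructed memo texts. The function names are hypothetical.

```javascript
// Added illustration; function names are hypothetical, sample memos are constructed.

// Browser-style check: true when the text contains something shaped like a tag.
function containsHtml(text) {
  return /<[^>]*>/.test(text);
}

// Port of the stripHTML approach: drop tag-shaped runs, then any leftover < or >.
function stripHtml(text) {
  return text
    .replace(/<br>|<p>/gi, "\r\n")
    .replace(/<[\s\S]+?>/g, "")
    .replace(/[<>]/g, "")
    .replace(/&nbsp;/g, " ");
}

// Escape step in the spirit of Server.HTMLEncode: markup characters become
// entities, so the text survives but is never interpreted as HTML.
function htmlEncode(text) {
  return text
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// Server-side handling of the memo field, independent of any browser check.
function prepareMemo(memo, mode) {
  return mode === "strip" ? stripHtml(memo) : htmlEncode(memo);
}

// Constructed sample memos.
const samples = [
  "Please call me back.\r\nThanks!",
  'Visit <a href="http://example.test">my site</a>',
  "Price is < 10 and > 5",
  "unclosed <img src=x",
];

function report() {
  return samples.map((memo) => ({
    flagged: containsHtml(memo),
    stripped: prepareMemo(memo, "strip"),
    encoded: prepareMemo(memo, "encode"),
  }));
}

console.log(report());
```

The third sample shows the trade-off: stripping deletes the legitimate text between a literal < and >, while encoding keeps it. The fourth shows that the tag-shaped check does not flag an unclosed tag, although both server-side steps still neutralise the "<".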
