ASP Form Validation, disallow HTML

Hi,
I have a contactform in ASP which will sent the input to my email and a cc to the users email. There is a memo field in the form, I like to disallow users to use HTML and other scripts. We receive a lot of spam!

Is there a way to rebuild the following code? The name of the memofield is email_memo

Thanks for the response!
<script language="javascript" type="text/javascript">
<!--
document.oncontextmenu = function(){return false};
function MM_validateForm() { //v4.0
  if (document.getElementById){
    var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments;
    for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=document.getElementById(args[i]);
      if (val) { nm=val.name; if ((val=val.value)!="") {
        if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
          if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n';
        } else if (test!='R') { num = parseFloat(val);
          if (isNaN(val)) errors+='- '+nm+' must contain a number.\n';
          if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
            min=test.substring(8,p); max=test.substring(p+1);
            if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n';
      } } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is een verplicht veld!.\n'; }
    } if (errors) alert('Er is iets mis gegaan:\n'+errors);
    document.MM_returnValue = (errors == '');
} }
//-->
</script>

Open in new window

LVL 2
hanskoensAsked:
Who is Participating?
 
sunithnairCommented:
Try this javascript. I would recomnend removing HTML tags using ASP as well or use Server.HTMLEncode to encode the string before sending the email. Javascript can be disabled in the browser in which case the validation will not work
<script language='javascript'>
var regEx=new RegExp("^(?!<[^>]*>).*$");
function CheckHtml()
{
  if(!regEx.test(document.getElementById("txtBox").value))
    alert("Error")
}
</script>
<body>
<textarea id="txtBox"></textarea>
<input type="button" onclick="CheckHtml()" value="Test" />
</body>

Open in new window

0
 
R_HarrisonCommented:
The attached function might be useful for your ASP side.   Simply call the function to remove all HTML and SCRIPT from the variable like below.

message=stripHTML(message)
Function stripHTML(strHTML)
  'Convert <BR> to crlf
  strHTML=Replace(strHTML, "<br>", vbcrlf)
  strHTML=Replace(strHTML, "<BR>", vbcrlf)
  strHTML=Replace(strHTML, "<p>", vbcrlf)
  strHTML=Replace(strHTML, "<P>", vbcrlf)
  'Strips the HTML tags from strHTML
  Dim objRegExp, strOutput
  Set objRegExp = New Regexp
  objRegExp.IgnoreCase = True
  objRegExp.Global = True
  objRegExp.Pattern = "<(.|\n)+?>"
  'Replace all HTML tag matches with the empty string
  strOutput = objRegExp.Replace(strHTML, "")
  'Replace all < and > 
  strOutput = Replace(strOutput, "<", "")
  strOutput = Replace(strOutput, ">", "")
  stripHTML = strOutput    'Return the value of strOutput
  Set objRegExp = Nothing
  stripHTML = replace(stripHTML, "&nbsp;", " ")
End Function

Open in new window

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.