justmorri
asked on
Input sanitization for text field
I need to add some input sanitization to an HTML text field. Here is the field:
<input size="16" name="username" value=>
How would I do this? Is it possible with Javascript? The backend script is written in Perl so I am thinking to use the HTML::Restrict module to strip away or restrict the HTML tags allowed upon submit.
<input size="16" name="username" value=>
How would I do this? Is it possible with Javascript? The backend script is written in Perl so I am thinking to use the HTML::Restrict module to strip away or restrict the HTML tags allowed upon submit.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you! I'm planning to use HTML::Restrict to just strip away the HTML tags on the server side, but wanted to give users some immediate feedback of sorts.
Sanitizing should always be done on the server side. There's no point in sanitizing on client side because the user is likely trying to break your app -- you don't need to provide them feedback on the client side.
Validation can be done client side in order to provide immediate feedback to the user without making them wait for server side processing. Validation must always be done server side, regardless of whether it was done on the client side.