Using jQuery or JavaScript to prevent a user from typing a character string in a textbox

I'm using jQuery and HTML.

Example Fiddle
https://jsfiddle.net/0as78yb1/

I'm using jquery to prevent a user from typing the less than symbol which is < and the greater than symbol >


How do I revise my fiddle to:

allow the less than symbol <
allow the greater than symbol >
allow this character /

The only thing I want to restrict is, don't allow a user to type the greater than > if it was preceded with this symbol /

So if a user typed these symbols right next to each other /> don't allow the greater than symbol at that point.

So if a user types / > , that would be ok because there is a space in between them.

Basically I'm trying to not allow a user to type a closing HTML tag.

How do I revise my fiddle to do that?
maqskywalker Asked:

Chinmay Patel (Chief Technical Ninja) Commented:
Hi Maq,

I think you want to sanitize user input. May I suggest an alternative: why don't you encode user input and then process it further?

Also, it is highly recommended that you do this processing on the server side, as the client side can be bypassed easily.

Let me know if you are doing this for just learning then we can try using Regex (But in my experience Regex is as good as an air-bag when it comes to security - i.e. It will work in most of the cases but there is a probability of a crash where they won't deploy/work as expected).

Let me know your thoughts and I will suggest alternatives.

Regards,
Chinmay.
0
Julian Hansen Commented:
I agree with Chinmay on this.

You don't do this in the browser.
Why? Because browser submissions can be fudged. You restrict the entering of data in the browser and then someone comes along, uses the console / scratchpad to write their own code to disable your code or add the content they want and bingo gaping security hole.

Rule 1: never ever trust ANYTHING that comes from the browser. Assume everything is a hack attempt.

If you follow this rule you will be on your way to building secure applications.

Rather - in your server code run a process to encode HTML Entities so that < becomes &lt; and > becomes &gt; etc. If you are storing the submission then you either
a) Store the raw post and then encode on retrieval
b) Encode and store

Which one you use depends on your specific circumstances. Personally I encode before I store and then if (for whatever reason) I need the original - I decode the contents from the DB

This way you won't ever accidentally send something back to the browser that could result in an XSS attack.
0
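
The server-side encoding described in the answer above, with both storage options (a) and (b), as an added example that is not part of any post in this thread. It assumes a Node.js server; the function names are hypothetical and a `Map` stands in for the database.

```javascript
// Added example (not from the thread). Names are hypothetical; a Map stands in
// for the database.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const REVERSE = Object.fromEntries(Object.entries(ENTITIES).map(([ch, ent]) => [ent, ch]));

// Encode every character that can change how HTML is parsed. One pass over the
// input, so the '&' of an entity we just produced is never encoded again.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Inverse of encodeHtml. Also one pass, so "&amp;lt;" decodes to "&lt;" and
// not all the way to "<".
function decodeHtml(text) {
  return String(text).replace(/&(?:amp|lt|gt|quot|#39);/g, (ent) => REVERSE[ent]);
}

// Option (a): store the raw post, encode on retrieval.
function storeRaw(db, id, post) { db.set(id, post); }
function renderFromRaw(db, id) { return encodeHtml(db.get(id)); }

// Option (b): encode and store; decode only when the original is needed.
function storeEncoded(db, id, post) { db.set(id, encodeHtml(post)); }
function renderFromEncoded(db, id) { return db.get(id); }
function originalFromEncoded(db, id) { return decodeHtml(db.get(id)); }

// Constructed sample input containing the "/>" sequence from the question.
const SAMPLE = 'a < b, <br/> and <b title="x">bold</b> & \'quoted\'';

function demo() {
  const rawDb = new Map();
  const encDb = new Map();
  storeRaw(rawDb, 1, SAMPLE);
  storeEncoded(encDb, 1, SAMPLE);
  return {
    a: renderFromRaw(rawDb, 1),            // encoded at output time
    b: renderFromEncoded(encDb, 1),        // encoded at write time
    original: originalFromEncoded(encDb, 1),
  };
}

console.log(demo());
```

With option (b), every code path that writes to the store has to go through `storeEncoded` exactly once; encoding an already encoded value turns `&lt;` into `&amp;lt;`.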

maqskywalker (Author) Commented:
Thanks
0