html - Restrict certain characters in textarea input? -


i have textarea on web page , make people can't put characters &, *, <, or > in it. there way can html? if not, can use php.

if using input there several options available type attribute, such color, date, email, number, tel. see https://developer.mozilla.org/en/docs/web/html/element/input.

with textarea not have these options. however, can use javascript listen key events , ignore key presses. see http://jsfiddle.net/tg300eef/.

var ta = document.getelementbyid("ta"); ta.addeventlistener(     'keypress',     function (e) {         // test key codes want filter out.         if (e.keycode == 60) {             alert('no "<"!');             // prevent default event action (adding             // character textarea).             e.preventdefault();         }     } );

this not protect incorrect or malicious inputs. is, if use javascript filter characters out of textarea still trivial user bypass restriction (just turn off javascript, example).

the correct way handle user inputs must used in other commands -- such sql query, or http request, , on -- use appropriate escaping routine. may mysqli_real_escape_string mysql queries, htmlspecialchars embedding user input in html, urlencode http requests, , on. must done server because cannot trust client (in other words, user) you.

sometimes see stripping routines remove special characters or terms. these can more difficult right, when trying allow special terms not others. happens html want strip out things <script> , <iframe> leave in things such <strong> , <h1>. example allowing user use subset of sql filter search results.

the problem stripping is interpreter (of whatever language -- didn't write) recognizes commands or syntaxes did not anticipate, , through have security vulnerabilities. 1 reason makes sense have restricted languages such markdown though html can same , more.

another problem stripping user may want use special characters or phrases other purposes, not instruction. example, may want write 0 < x > 10 html stripper may reduce 0 10 unfairly.


Comments

Post a Comment

Popular posts from this blog

toolbar - How to add link to user registration inside toobar in admin joomla 3 custom component -

im trying write component admin side , need add user creation. dont want duplicate existing codes add link. know how add task not simple link toolbar. thx help. if wanting button opens new user screen can try in component: $bar = jtoolbar::getinstance('toolbar'); $bar->appendbutton('link', 'users', 'new user','index.php?option=com_users&task=user.add'); you need add view.html.php file wherever you're creating toolbar. is need?
Read more

linux - disk space limitation when creating war file -

i have 1 gb disk space limitation hosting app , have used 700mb of it. however want create war file directory big (around 600mb) using command : jar -cvf root.war folderpath that's why encounter quota limitation , can't following. i'm looking way delete folder content when it's applying archive conserve disk space take note can't install zip tool in ssh shell ~ the code works on test directories, test first anyway, deletes files. it's not efficient. assumptions: 300mb free space, in destructively compress 600mb folderpath directory. none of files big -- if file in folderpath 300mb or larger, fail. notes: if ' $out ' file exists, nothing. first find pipes file list while , if ' $out ' doesn't exist in loop, create it, don't update -- if does exist, update it. each pass adds 1 more file, deletes unless file directory. after loop finishes delete empty directories too. unset u ; in=folderpath ; out=roo...
Read more