Posted 1 year ago #
I tried typing a classic javascript code inside a textarea,
the one that makes a popup apear to whomever would open the submitted form.
Although the script code was striped out from the textarea, whenever I
clicked on the submitted form to view its contents, the popup would execute. Is there a way to strip out/validate correctly javascript code?
I want this form to be available to everyone and if javascript executes, it's a high security risk
Thank you
Posted 1 year ago #
Why in the world are you doing this?
If you need to have a JavaScript popup, don't try embedding it in the form. Use an external file for this.
Posted 1 year ago #
I'm not trying to embed javascript in the form. I'm testing the form to see if it safe for my server. Is there a way to strip-out javascript code?
Posted 1 year ago #
All data is escaped when it's inserted in the database.
This topic has been closed to new replies.
