Community
Learn
Tools Library
AI Tools
Leisure
search
English
javascript - Code for filtering user input <script>alert(0)</script>
淡淡烟草味
淡淡烟草味 2017-05-16 13:02:39
0
3
760

I would like to ask, if the user enters a code command, how to filter out the effect? For example, if a user submits the sentence <script>alert(0)</script>, it needs to be submitted to the backend and then displayed in the frontend. However, if it is displayed in the frontend, alert will definitely be executed. How to filter it out so that it can be displayed directly? God, please help me~

淡淡烟草味
淡淡烟草味

reply all(3)
我想大声告诉你
我想大声告诉你2017-05-16 13:04:39 3 floor

php’s htmlspecialchars()
front-end
`function htmlspecialchars(str)
{

str = str.replace(/&/g, '&amp;');  
str = str.replace(/</g, '<');  
str = str.replace(/>/g, '>');  
str = str.replace(/"/g, '&quot;');  
str = str.replace(/'/g, '&#039;');  
return str;

} `

Like +0
Add Reply
phpcn_u1582
phpcn_u15822017-05-16 13:04:39 2 floor

php’s htmlspecialchars()

Like +0
Add Reply
滿天的星座
滿天的星座2017-05-16 13:04:39 1 floor

Two places for filtering, one is filtering when user input is stored in the database, and the other is filtering when displaying. The filtering method is htmlspecialchars(). Personally, I prefer filtering when displaying to ensure the originality of user input. Accuracy of data

Like +0
Add Reply
Popular Topics
More>
Popular Articles
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template