Trouble With A GuestBook

Righto,

I've made a guestbook using ASP, SQL and Access 2000 blah blah blah, everything works fine, however if a user types some JavaScript into the message field such as...


<script>alert("BooYah, an alert!")</script>


...then the 'viewguestbook.asp' page will run that JavaScript. I'm pretty sure there's an easy answer to this but I've been scouring all over the place and can't find anything... all help appreciated!

Dave

Comments

  • : Righto,
    :
    : I've made a guestbook using ASP, SQL and Access 2000 blah blah blah, everything works fine, however if a user types some JavaScript into the message field such as...
    :
    :
    : <script>alert("BooYah, an alert!")</script>
    :
    :
    : ...then the 'viewguestbook.asp' page will run that JavaScript. I'm pretty sure there's an easy answer to this but I've been scouring all over the place and can't find anything... all help appreciated!
    :
    : Dave
    :

    Hi, you need to convert <script> and </script> to &lt;script> and &lt;/script>. You can do this on the client or server side.
  • Lo There!

    Thanks for the reply!

    Sorry to be a pain in the ar*e but I'm not sure exactly which tags I need to replace with &lt; and &gt;... if possible could you give it to me in beginner's (or layman's) terms.

    Oh yeah, I guess you've guessed, I'm a beginner ^_^ - Thanks!

    Dave
  • In the code after the Post where you pick up the form-data, use

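    ' Read the posted message from the form
    strInput=request("textAreaName")
    ' Escape angle brackets so the browser shows them as text instead of parsing tags
    filteredInput=replace(strInput,"<","&lt;")
    ' Chain on filteredInput so the first replacement is kept
    filteredInput=replace(filteredInput,">","&gt;")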

    /Chris
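
An added example, not part of the original thread: the same fix applied where the entries are written out in viewguestbook.asp, using the built-in Server.HTMLEncode, which escapes & and double quotes as well as < and >. The database file name (guestbook.mdb), the table name (Guestbook) and the column names (ID, VisitorName, Message) are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Encode a stored value for display as HTML text.
' Server.HTMLEncode raises an error on Null, so empty fields are handled first.
' Line breaks are turned into <br> only AFTER encoding, so the <br> tags
' written here are the only markup that reaches the browser.
Function SafeHtml(value)
    If IsNull(value) Then
        SafeHtml = ""
    Else
        SafeHtml = Replace(Server.HTMLEncode(CStr(value)), vbCrLf, "<br>")
    End If
End Function

Dim conn, rs
Set conn = Server.CreateObject("ADODB.Connection")
' Assumed database file, located next to this page
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & _
          Server.MapPath("guestbook.mdb")
' Assumed table and column names
Set rs = conn.Execute("SELECT VisitorName, Message FROM Guestbook ORDER BY ID DESC")
%>
<html>
<body>
<h1>Guestbook</h1>
<% Do Until rs.EOF %>
  <p>
    <b><%= SafeHtml(rs("VisitorName").Value) %></b><br>
    <%= SafeHtml(rs("Message").Value) %>
  </p>
<%
    rs.MoveNext
Loop
rs.Close
conn.Close
Set rs = Nothing
Set conn = Nothing
%>
</body>
</html>
```

Encoding at output time means entries already saved in the database are displayed safely too, without changing the stored text.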