0

I have a textbox on my website where I want to prevent any form of html input. I obviously already block it on the server side, but I also want to block it using javascript for multiple reasons. I did a quick Google search to see if there was some ready made function available but I couldn't find any.

Does anyone know how to do this?

Edit: Sorry if the question was not clear. I basically want to show an error when the user types html into the textbox and then tries to submit the form. The server is already programmed to reject HTML input from the textbox but I also want to prevent it on the client-side.

Improve this question
6
  • you dont want the user to type in?? Commented Jul 26, 2013 at 21:09
  • 3
    Have you consider blockin chars like < > ? Commented Jul 26, 2013 at 21:09
  • I don't understand this question? Are you just trying to disable an input? Or are you trying to prevent HTML markup within it? Commented Jul 26, 2013 at 21:15
  • @IanClark:may be dint understood the question!!! Commented Jul 26, 2013 at 21:18
  • 1
    anything you block with javascript can be unblocked very easy.. Commented Jul 26, 2013 at 21:30

1 Answer 1

Reset to default
2

HTML

<textarea id='noHTML'></textarea>

JS

var ta = document.getElementById('noHTML');

ta.onkeyup = function (e) {
 var val = this.value;


    // alternate regexp /<\/*(p|div|span)\s*.*>/g  
   // fill the above regex with all html tags 
 if(val.match(/<\/*[^<>]\s*.*>/g)) { 
  // alert('no html');
  // don't want an alert ? you can replace all html expressions

  // alternate syntax for all entities
  //  this.value = val.replace(/&/g, "&amp;").replace(/>/g, "&gt;").replace(/</g, "&lt;").replace(/"/g, "&quot;");
  // its long and slow but the choice is yours
  this.value = val.replace(/</g, '&lt;').replace(/>/g, '&gt;');  
 }

}

You can test and play with it at jsfiddle;

it's a light solution to your problem. my suggestion to you is to replace the entities during the form submission or if you don't want it at all you can alert the user on input.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

But I don't understand, are we trying to prevent post if tags exist? Why can't we just replace the special chars with their HTML entities.
Don't get me wrong, this would be a good solution if you wanted to stop users from posting, but you could just do something like this to change all the characters you need.
@IanClark i check that question and added in the option via comment block. just wanted to leave the option to the questionaire
Thanks man, I used the regex expression you provided to detect HTML and show a warning. Cheers :).
great, glad I could provide some assistance. since that was what you used I'll shrink my answer to reflect that

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.