Way to sanitize text inputs

Way to sanitize text inputs

mfitportalmfitportal Posts: 20Questions: 7Answers: 0

So I've noticed that you can enter in html code for the text field in an editor and it just accepts it as html code. Example I use <strong>words<strong> and it displays as words. Is there anyway to sanitize the input before it gets sent to the database?

Answers

  • CaptaincapslockCaptaincapslock Posts: 3Questions: 0Answers: 0

    Depending on what you want, it might be better to sanitize after retrieving from the database.

    function sanitize(unsafeString){
        return new Option(unsafeString).innerHTML;
    }
    
    $("#mytable").DataTable({
      columns: [{
        title: "Column"
      }, ],
      data: [
        [sanitize("<script>alert(1);</script>")]
      ]
    });
    
This discussion has been closed.