Disabling HTML from text boxes

Status
Not open for further replies.

imstillatwork

IS-IT--Management
Sep 26, 2001
1,605
US
I am using text boxes to leave messages on my site. I don't want anyone to be able to use HTML (or very little for color or such). What is the best way to take care of this?

I searched already, found nothing

Kevin
 
What do you mean you are using text boxes to leave messages at your site? HOW are you doing this?

What do you mean "anyone"? Don't you want the programmers to use HTML?

Maybe you meant to ask:

"How do I prevent someone from entering HTML codes into a text-type form field?" Is that it?
 
Text boxes are what people (doesn't matter who) type information into.

Later, that information is displayed on a web page.

If that information contains HTML code, it will be processed and displayed as any other HTML.

I don't want the information from the text boxes that contains HTML displayed.

Instead, I would like it ignored, or better, removed before it is inserted into the database.
 
I'll take it that you are trying to make user input "browser safe", or you want to make sure that the input does not contain any invalid characters that can be interpreted as HTML by the browser.
If that is correct, you can take a closer look at the CF functions such as:

ParagraphFormat(string) - Returns string with converted single newline characters (CR/LF sequences) into spaces and double newline characters into HTML paragraph markers (<P>).

HTMLCodeFormat(string [, version ]) - Returns HTML escaped string enclosed in <PRE> and </PRE> tags. All carriage returns are removed from string, and all special characters (> < " &) are escaped

HTMLEditFormat(string [, version ]) - Returns HTML escaped string. All carriage returns are removed from string, and all special characters (> < " &) are escaped

StripCR(string) - Returns string with all carriage return characters removed

Or you can use the following JavaScript function to remove all the characters that you don't want to be processed:

    function isValidText() {
        var val = document.formName.formField.value;
        var filteredValues = "\"()@\\[]|,.;:\/'<>"; // characters being stripped out
        var i;
        var returnVal = "";

        // walk the string and append every character that is not filtered to returnVal
        for (i = 0; i < val.length; i++) {
            var c = val.charAt(i);
            if (filteredValues.indexOf(c) == -1) {
                returnVal += c;
            }
        }
        return returnVal;
    }



Sylvano
dsylvano@hotmail.com
 
Hello

Add these lines before you insert into your database and HTML will not work:

    <cfset form.txt = #Replace(form.txt, "<", "&lt;", "ALL")#>
    <cfset form.txt = #Replace(form.txt, ">", "&gt;", "ALL")#>


Regards, Ron
 
Hello


This forum uses HTML, so it is very hard to post what I mean:

    <cfset form.txt = #Replace(form.txt, "<", "code1", "ALL")#>

Instead of 'code1' you should use &lt; of course

Regards

 
Thanks to you that helped! Much appreciated.

IF YOU DON'T KNOW HOW A TAG WORKS...
...DOWNLOAD THE CFML REFERENCE!
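
As an added example (not code from any poster in this thread): the escaping approach suggested above, written in JavaScript for the code that renders a stored message, with a small allowlist for the "very little" formatting the original question asks for. The names `escapeHtml`, `renderMessage` and `ALLOWED_TAGS`, and the choice of tags, are assumptions.

```javascript
// Characters that can change how a browser parses text. '&' is part of the
// map, so text that already looks like an entity is shown literally.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape in a single pass so no replacement is applied twice.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Hypothetical allowlist: bare formatting tags only, never with attributes.
const ALLOWED_TAGS = ['b', 'i', 'u', 'em', 'strong'];

// Escape everything first, then turn back on only exact allowlisted tags.
function renderMessage(text) {
  const open = []; // stack of allowlisted tags currently open
  const pattern = new RegExp('&lt;(/?)(' + ALLOWED_TAGS.join('|') + ')&gt;', 'gi');
  const html = escapeHtml(text).replace(pattern, (match, slash, name) => {
    const tag = name.toLowerCase();
    if (!slash) {
      open.push(tag);
      return '<' + tag + '>';
    }
    // Honor a closing tag only if it closes the most recently opened tag;
    // otherwise leave it escaped so it is shown as text.
    if (open[open.length - 1] !== tag) return match;
    open.pop();
    return '</' + tag + '>';
  });
  // Close whatever was left open so formatting cannot leak into the page.
  return html + open.reverse().map((t) => '</' + t + '>').join('');
}

// Constructed sample messages.
const samples = [
  'AT&T says <b>hello</b>',
  '<b style="color:red">styled</b>',
  '<i>never closed',
];
for (const s of samples) console.log(renderMessage(s));
```

Run this in the code that builds the page rather than in the form, so it also applies to messages that were submitted without going through the form's script.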
 