CUTCODEDOWN
Minimalist Semantic Markup

Author Topic: Bare bones js validate  (Read 240 times)

durangod

Bare bones js validate
« on: 29 Dec 2023, 12:24:40 am »
Hi,

Ok, so I took a bunch of stuff out of the js and also removed the name on the form and also used id this time.

Here is what is left over. I do want to check for script; I do check it in php but I also want to check it in js.

When the user clicks the submit button I combined it all into one call, function click_validate.

I have to do it another way, it's just not gonna work. I can't call one function from another function and have one return go one place and the other return go another..... So I'll have to split it up again, one part in html file and one part in js file.

So I had to make a choice between validate and click validate, so I got rid of the click validate. I know you don't like that but I can't spend 2 hours trying to get < 10 lines of code to work. So I set it back the old way. Set the onSubmit on the submit input, removed the onClick one from the form and just have the bare bones do its thing.... and it works... :)

The html input filter does not check for script, which is why I want to keep this.

Code:

 /*
 ==========================
  Contact Form Validation
 ==========================
 */
 

function contact_validate()
{
   
   var chekuname  = document.getElementById('contact_uname');   
   var chekemail  = document.getElementById('contact_email');
   var chekmes    = document.getElementById('contact_message');   
   var chekresp   = document.getElementById('contact_response');
   
   
    /* uname */
   
   if(chekuname.value.indexOf("<script") > -1)
   {
     alert("Invalid data in name field!");
     chekuname.focus();
     return false;
   }
   

    /* email */
     
   if(chekemail.value.indexOf("<script") > -1)
   {
     alert("Invalid data in email field!");
     chekemail.focus();
     return false;
   }
   
     
   if(chekmes.value.indexOf("<script") > -1)
   {
     alert("Invalid data in Message field!");
     chekmes.focus();
     return false;
   }
   
     /* remove tags from message content */
     /* first remove common stuff */
     /* then clean up the leftovers */
     
     var str = chekmes.value; /* use the field's text, not the element itself */
     var newt = str.replace(/href|=|"|'|<img|src=|<ul>|<li>|<p>|<strong>|<u>|<b>|<i>|<h|<|>/gi,'');
     var final = newt.replace(/\/a|\/p|\/strong/gi,'');
     chekmes.value=final;
   

     /* response (answer) */
     
   if(chekresp.value.indexOf("<script") > -1)
   {
     alert("Invalid data in bot question answer field!");
     chekresp.focus();
     return false;
   } 
   
 return true;
 
}//close function contact_validate

« Last Edit: 29 Dec 2023, 01:54:23 am by durangod »

Jason Knight

Re: Bare bones js validate
« Reply #1 on: 9 Jan 2024, 01:23:55 am »
See, I wouldn't waste time with any of this because I wouldn't generally allow JS in the first place. Systems like bbcode and markdown exist for a reason after all, thus I would simply make sure any instance of user-generated content either uses those, or is output inside htmlspecialchars. Thus it wouldn't matter if someone types <script> because it would be escaped in the client-side output.
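Added example, not part of the original thread: it compares the substring check and tag-stripping regexes from the posted form with escaping on output, the approach the reply above recommends. The function names and sample messages are constructed for illustration, and `escapeHtml` is a JavaScript stand-in for PHP's htmlspecialchars with ENT_QUOTES.

```javascript
// Added example; function names and sample inputs are constructed for illustration.

// The check from the posted form: a case-sensitive substring match.
function blacklistRejects(value) {
  return value.indexOf("<script") > -1;
}

// The tag-stripping regexes from the posted form, unchanged.
function stripTags(value) {
  return value
    .replace(/href|=|"|'|<img|src=|<ul>|<li>|<p>|<strong>|<u>|<b>|<i>|<h|<|>/gi, "")
    .replace(/\/a|\/p|\/strong/gi, "");
}

// JavaScript counterpart of PHP's htmlspecialchars() with ENT_QUOTES:
// encode the five characters that can change how HTML is parsed.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#039;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Constructed sample messages.
const samples = [
  "<script>alert(1)</script>",             // matched by the substring check
  "<ScRiPt>alert(1)</ScRiPt>",             // same markup, different letter case
  'Is 3 < 5? Set x = "5" in docs/page.php' // ordinary text from a legitimate user
];

// One row per sample: what each approach does with the same input.
function report() {
  return samples.map((s) => ({
    input: s,
    blacklistRejects: blacklistRejects(s),
    stripped: stripTags(s),
    escaped: escapeHtml(s),
  }));
}

console.table(report());
```

The substring check misses the mixed-case sample and the stripping pass corrupts the ordinary message, while the escaped form keeps every message intact and leaves no character that can open a tag.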

durangod

Re: Bare bones js validate
« Reply #2 on: 9 Jan 2024, 06:19:53 am »
Ok makes sense to me now... thanks  :)

 
