Archive for September, 2010

Security issue with saving data – Filter entries before saving

Posted: September 30, 2010 in Javascript
Tags: ,
0

HtmlEncode: function (text) {
 encodedText = text.replace(/&/g, “&”);
        encodedText = encodedText.replace(/</g, “&lt;”);
        encodedText = encodedText.replace(/>/g, “&gt;”);
        encodedText = encodedText.replace(/”/g, “&quot;”);
        encodedText = encodedText.replace(/’/g, “'”);
        encodedText = encodedText.replace(/\\/g, “\”);
        return encodedText;
}
HtmlDecode: function (text) {
        decodedText = text.replace(/&amp;/g, “&”);
        decodedText = decodedText.replace(/&lt;/g, “<“);
        decodedText = decodedText.replace(/&gt;/g, “>”);
        decodedText = decodedText.replace(/&quot;/g, “\””);
        decodedText = decodedText.replace(/'/g, “‘”);
        decodedText = decodedText.replace(/\/g, “\\”);
        return decodedText;
}