Security issue with saving data – Filter entries before saving

Posted: September 30, 2010 in Javascript
Tags: ,

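/**
 * Escapes the characters that are significant in HTML text and in quoted
 * attribute values, so the input is rendered as literal text.
 *
 * Scope: this is only suitable for HTML element content and quoted attribute
 * values. It does not make a value safe inside a script block, an
 * event-handler attribute, a URL or CSS. Browser-side filtering before saving
 * is a convenience, not a control: the server must still validate what it
 * stores and encode it when it writes it into a page.
 *
 * @param {string} text - Untrusted text to escape; null/undefined yield "".
 * @returns {string} The text with & < > " ' and \ replaced by entities.
 */
HtmlEncode: function (text) {
    // The published listing shows typographic quotes and already-decoded
    // entities (the "&" replacement was a no-op). "&amp;" matches what
    // HtmlDecode looks for; "&#39;" and "&#92;" are the standard numeric
    // references for ' and \, reconstructed here.
    var entities = {
        '&': '&amp;',
        '<': '&lt;',
        '>': '&gt;',
        '"': '&quot;',
        "'": '&#39;',
        '\\': '&#92;'
    };
    // Local variable instead of the implicit global the original assigned to.
    var input = text == null ? '' : String(text);

    // One pass over the input: an ampersand produced by an earlier
    // replacement can never be escaped a second time.
    return input.replace(/[&<>"'\\]/g, function (ch) {
        return entities[ch];
    });
},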
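/**
 * Reverses HtmlEncode: turns the six entities it produces back into the
 * original characters.
 *
 * The result is raw, untrusted text again. Put it into the page through a
 * text API (for example textContent or an input's value); if it has to be
 * written into markup, encode it again first.
 *
 * @param {string} text - Text produced by HtmlEncode; null/undefined yield "".
 * @returns {string} The decoded text.
 */
HtmlDecode: function (text) {
    // The published listing lost the "&#39;" and "&#92;" patterns (its last
    // regex is not even valid); they are reconstructed as the inverse of
    // HtmlEncode.
    var characters = {
        'amp': '&',
        'lt': '<',
        'gt': '>',
        'quot': '"',
        '#39': "'",
        '#92': '\\'
    };
    // Local variable instead of the implicit global the original assigned to.
    var input = text == null ? '' : String(text);

    // Decode in a single pass. The original replaced "&amp;" first, so an
    // encoded "&amp;lt;" was decoded twice and came out as "<" instead of
    // the literal text "&lt;".
    return input.replace(/&(amp|lt|gt|quot|#39|#92);/g, function (match, name) {
        return characters[name];
    });
}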
