Javascript code to block cross side scripting error.

Deysomnath
Posted by Deysomnath under JavaScript category on | Views : 1887
when any asp.net control contain some special charecter or combination of special charecter, we get cross sisde script error.
following are the special charecters and combination of special charecter,which cause this error
<,>,&#,#&

Solution...
There is a setting in asp.net page leve and config lavel to allow html contain if make that setting true .. you will not get this error.. but this is not recomended.. the best option is that you should not allow this charecter.. below is the javascript code which will replace all this charecter with blank...

function BlockCrossSideScriptError(obj)
{
if(obj!='[object]')
obj=document.getElementById(obj);

var text=obj.value
text=(((text.replace(/</g,'')).replace(/>/g,'')).replace(/&#/g,'')).replace(/#&/g,'')
if(obj.value!=text)
obj.value=text;
//alert('Invalid characters [<,>,#,&] are not allowed and are truncated')


return false;
}

I have written the function "BlockCrossSideScriptError" which takes the refference of the control(textbox) as a parameter and fetching the value and replace the special charecter with blank and reassigning it to the text box.

Comments or Responses

Login to post response