TechQA.

javascript : How to prevent user from entering = in textbox?

1.4k views Asked by At

I have a requirement where i have to prevent users from entering = in textbox in entire application to prevent vulnerability.

<input type="text"></input>

I have been using antisamy-1.4.4.xml and XSSFilter.java which takes care of quite a few vulnerability checks but does not check for '=' sign entered in textbox. Is there anyway i can do for a textbox that will be done for the entire application?

javascript validation antisamy
Original Q&A
4

There are 4 answers

2
JoshG On BEST ANSWER

You could attach a listener to the input elements in the document, check if the user has pressed the = key, and if so, take an action.

Something like this should work:

const textInput = document.querySelector('input');
textInput.addEventListener("keydown", function(event) {
    if (event.keyCode === 187) {
     console.log("equals pressed");
        // Prevent default behaviour
        event.preventDefault();
        return false;
    }
});
<input type="text"></input>

But I wouldn't rely on this as being "secure" since a user can override the JS behavior in their browser. You should still sanitize the input on the server-side.

Update

To handle the case where a user pastes something into the input field, you could intercept the pasted string and strip the illegal characters (equals sign in this case).

Example:

textInput.onpaste = function(e) {
    e.preventDefault();
    clipboardData = e.clipboardData;
  pastedData = clipboardData.getData('Text');
  textInput.value = pastedData.replace("=", "");
}

Or you could just e.preventDefault() to disable pasting altogether.

2
CodeF0x On

On the frontend, you can use JavaScript to prevent that:

document.getElementById('text').onkeydown = function(e) {
  const code = e.which || e.keyCode;
  if (code === 187) {
    e.preventDefault();
  }
}
<input type="text" id="text">

But you always need to validate the input on the server-side too!

0
M.Hemant On

first, you need to add selector class like id or class then you just need to add this js code to your page

$(document).ready(function () {
  $('#textnote').keydown(function (e) {
      if (e.keyCode == 61) {
          e.preventDefault();
          return false;
       }
  });
});
0
Sivaramakrishnan On

You should listen to the keypress event of the input field and prevent the '=' key. 

<script>
document.getElementById("text_input").addEventListener("keypress", function(event){
  if(event.which==187 || event.keyCode==187){
event.preventDefault();
}
});
</script>

Related Questions in JAVASCRIPT

Related Questions in VALIDATION

Related Questions in ANTISAMY

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions