Member Avatar for phoenix254

I am using jQuery and prototype libarary fro this project.

I have this code so far:

HTML:

<div id="cnt"></div> <input type ="text" id="bla" name="tct"/>
Javascript:

if(e.keycode == 13){
    var text = document.getElementById('#bla');
    text= $('#bla').val();
    //text.evaljson();
    //I put a comment because it gives me error "badly formed json string"
    $('#cnt').append(text); 
   }

When I place some code like <script> alert('hello world');</script> it gets executed.

How can I remove it?

  • 3 Contributors
  • 6 Replies
  • 314 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by diafol
Member Avatar for phoenix254

your example giving me error of csrf. here is tht error
Forbidden (403)
CSRF verification failed. Request aborted.
More information is available with DEBUG=True.

Member Avatar for diafol

Sounds llke an issue with form submission. You sure it.s to do with this?

Member Avatar for phoenix254

i run his example and i putvalue in textbox and hit entere then there come that error. u can check urself

Member Avatar for diafol

Take off the form tags and

$('#bla').on('change', function () {
    var text = $('#bla').val();
    $('#cnt').append(document.createTextNode(text));
});
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.