Member Avatar for phoenix254

I am using jQuery and prototype libarary fro this project.

I have this code so far:

HTML:

<div id="cnt"></div> <input type ="text" id="bla" name="tct"/>
Javascript:

if(e.keycode == 13){
    var text = document.getElementById('#bla');
    text= $('#bla').val();
    //text.evaljson();
    //I put a comment because it gives me error "badly formed json string"
    $('#cnt').append(text); 
   }

When I place some code like <script> alert('hello world');</script> it gets executed.

How can I remove it?

  • 3 Contributors
  • 6 Replies
  • 313 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by diafol

Recommended Answers

All 6 Replies

Member Avatar for phoenix254

your example giving me error of csrf. here is tht error
Forbidden (403)
CSRF verification failed. Request aborted.
More information is available with DEBUG=True.

Member Avatar for diafol

Sounds llke an issue with form submission. You sure it.s to do with this?

Member Avatar for phoenix254

i run his example and i putvalue in textbox and hit entere then there come that error. u can check urself

Member Avatar for diafol

Take off the form tags and

$('#bla').on('change', function () {
    var text = $('#bla').val();
    $('#cnt').append(document.createTextNode(text));
});
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.