Disabling HTML code in a form field
2 views
Skip to first unread message
IceKoldPearl
Sep 30, 2008, 10:02:26 AM9/30/08
to Webmasters Helping Webmasters
I'd like to disable HTML code from being entered into an email
response form that appears on my website. Does anyone know how to do
this? I would prefer the recipients of the forms to receive emails
that do not contain active hyperlinks. I dont' mind that the URL
appears - I just do not want them to be clickable. Does that question
make sense? Please help if you can. Thanks in advance.
response form that appears on my website. Does anyone know how to do
this? I would prefer the recipients of the forms to receive emails
that do not contain active hyperlinks. I dont' mind that the URL
appears - I just do not want them to be clickable. Does that question
make sense? Please help if you can. Thanks in advance.
Vision Jinx
Oct 1, 2008, 6:37:09 AM10/1/08
to Webmasters Helping Webmasters
Hi,
You can try this
function _notags(x){return x.replace(/<\/?[^>]+>/gi,"")}
But it is important to point out that you need to also do HTML/Tag
stripping on the server side script too as your client side javascript
checking could be bypassed (or disabled) so you always need that
server side cleansing also.
If using PHP you can check out some of these links
http://www.php.net/strip-tags
http://www.php.net/manual/en/function.htmlentities.php
http://www.php.net/manual/en/function.htmlspecialchars.php
(If you require all HTML character entities to be translated, use
htmlentities() instead.)
With regard to the other part of your question, while this will strip
tags from strings (x) some email clients will automatically convert
urls into clickable links so you may have no control if someones email
client converts www.domain.com into a clickable link. If you are
really against it, then another option people use is to convert the
dots to '(dot)' so it would read www(dot)domain(dot)com. You can just
do a string replace on the returned data (or add it to the function I
posted) >> http://www.w3schools.com/jsref/jsref_replace.asp
eg. function _notags(x){return x.replace(/<\/?[^>]+>/gi,"").replace(/
\./g, "(dot)");}
You may need to tweak it a bit so it does not convert end of sentence
periods as (dot) also, but if your only doing it to form values (like
email addys and names etc) then it should not matter as much as your
not stripping chunks of HTML code.
Hope that helps :-)
Cheers!
Vision Jinx
You can try this
function _notags(x){return x.replace(/<\/?[^>]+>/gi,"")}
But it is important to point out that you need to also do HTML/Tag
stripping on the server side script too as your client side javascript
checking could be bypassed (or disabled) so you always need that
server side cleansing also.
If using PHP you can check out some of these links
http://www.php.net/strip-tags
http://www.php.net/manual/en/function.htmlentities.php
http://www.php.net/manual/en/function.htmlspecialchars.php
(If you require all HTML character entities to be translated, use
htmlentities() instead.)
With regard to the other part of your question, while this will strip
tags from strings (x) some email clients will automatically convert
urls into clickable links so you may have no control if someones email
client converts www.domain.com into a clickable link. If you are
really against it, then another option people use is to convert the
dots to '(dot)' so it would read www(dot)domain(dot)com. You can just
do a string replace on the returned data (or add it to the function I
posted) >> http://www.w3schools.com/jsref/jsref_replace.asp
eg. function _notags(x){return x.replace(/<\/?[^>]+>/gi,"").replace(/
\./g, "(dot)");}
You may need to tweak it a bit so it does not convert end of sentence
periods as (dot) also, but if your only doing it to form values (like
email addys and names etc) then it should not matter as much as your
not stripping chunks of HTML code.
Hope that helps :-)
Cheers!
Vision Jinx
IceKoldPearl
Oct 1, 2008, 10:41:06 AM10/1/08
to Webmasters Helping Webmasters
Awesome - this is very helpful. Thank you!
On Oct 1, 5:37 am, Vision Jinx <vjn...@gmail.com> wrote:
> Hi,
>
> You can try this
>
> function _notags(x){return x.replace(/<\/?[^>]+>/gi,"")}
>
> But it is important to point out that you need to also do HTML/Tag
> stripping on the server side script too as your client side javascript
> checking could be bypassed (or disabled) so you always need that
> server side cleansing also.
>
> If using PHP you can check out some of these links
>
> http://www.php.net/strip-tagshttp://www.php.net/manual/en/function.htmlentities.phphttp://www.php.net/manual/en/function.htmlspecialchars.php
>
> - Show quoted text -
On Oct 1, 5:37 am, Vision Jinx <vjn...@gmail.com> wrote:
> Hi,
>
> You can try this
>
> function _notags(x){return x.replace(/<\/?[^>]+>/gi,"")}
>
> But it is important to point out that you need to also do HTML/Tag
> stripping on the server side script too as your client side javascript
> checking could be bypassed (or disabled) so you always need that
> server side cleansing also.
>
> If using PHP you can check out some of these links
>
> (If you require all HTML character entities to be translated, use
> htmlentities() instead.)
>
> With regard to the other part of your question, while this will strip
> tags from strings (x) some email clients will automatically convert
> urls into clickable links so you may have no control if someones email
> client convertswww.domain.cominto a clickable link. If you are
> htmlentities() instead.)
>
> With regard to the other part of your question, while this will strip
> tags from strings (x) some email clients will automatically convert
> urls into clickable links so you may have no control if someones email
> really against it, then another option people use is to convert the
> dots to '(dot)' so it would read www(dot)domain(dot)com. You can just
> do a string replace on the returned data (or add it to the function I
> posted) >>http://www.w3schools.com/jsref/jsref_replace.asp
>
> eg. function _notags(x){return x.replace(/<\/?[^>]+>/gi,"").replace(/
> \./g, "(dot)");}
>
> You may need to tweak it a bit so it does not convert end of sentence
> periods as (dot) also, but if your only doing it to form values (like
> email addys and names etc) then it should not matter as much as your
> not stripping chunks of HTML code.
>
> Hope that helps :-)
>
> Cheers!
> Vision Jinx
>
> On Sep 30, 8:02 am, IceKoldPearl <icekoldpe...@gmail.com> wrote:
>
>
>
> > I'd like to disable HTML code from being entered into an email
> > response form that appears on my website. Does anyone know how to do
> > this? I would prefer the recipients of the forms to receive emails
> > that do not contain active hyperlinks. I dont' mind that the URL
> > appears - I just do not want them to be clickable. Does that question
> > make sense? Please help if you can. Thanks in advance.- Hide quoted text -
> dots to '(dot)' so it would read www(dot)domain(dot)com. You can just
> do a string replace on the returned data (or add it to the function I
> posted) >>http://www.w3schools.com/jsref/jsref_replace.asp
>
> eg. function _notags(x){return x.replace(/<\/?[^>]+>/gi,"").replace(/
> \./g, "(dot)");}
>
> You may need to tweak it a bit so it does not convert end of sentence
> periods as (dot) also, but if your only doing it to form values (like
> email addys and names etc) then it should not matter as much as your
> not stripping chunks of HTML code.
>
> Hope that helps :-)
>
> Cheers!
> Vision Jinx
>
> On Sep 30, 8:02 am, IceKoldPearl <icekoldpe...@gmail.com> wrote:
>
>
>
> > I'd like to disable HTML code from being entered into an email
> > response form that appears on my website. Does anyone know how to do
> > this? I would prefer the recipients of the forms to receive emails
> > that do not contain active hyperlinks. I dont' mind that the URL
> > appears - I just do not want them to be clickable. Does that question
>
> - Show quoted text -
Reply all
Reply to author
Forward
0 new messages