DataTables
Advanced interaction
features for your tables.
Editor
Comprehensive editing
library for DataTables.
Manual
Download
Show site navigation

Way to sanitize text inputs

Way to sanitize text inputs

mfitportalmfitportal Posts: 20Questions: 7Answers: 0
in DataTables 1.10

So I've noticed that you can enter in html code for the text field in an editor and it just accepts it as html code. Example I use <strong>words<strong> and it displays as words. Is there anyway to sanitize the input before it gets sent to the database?

Answers

  • CaptaincapslockCaptaincapslock Posts: 3Questions: 0Answers: 0

    Depending on what you want, it might be better to sanitize after retrieving from the database.

    function sanitize(unsafeString){
    return new Option(unsafeString).innerHTML;
}

$("#mytable").DataTable({
  columns: [{
    title: "Column"
  }, ],
  data: [
    [sanitize("<script>alert(1);</script>")]
  ]
});
This discussion has been closed.

DataTables

DataTables designed and created by SpryMedia Ltd.
© 2007-2023 MIT licensed. Privacy policy. Supporters.
SpryMedia Ltd is registered in Scotland, company no. SC456502.