Jump to content

asp strip_tags()


bigggnick
 Share

Recommended Posts

You need to define your own strip_tags() function. You can strip tags easily with regex.

Public Function strip_tags(someString)	Dim myRegex	Set myRegex = new regexp	myRegex.global = True	myRegex.IgnoreCase = true	myRegex.Multiline = true	myRegex.Pattern = "<[^> ]+[\s\S]*?>"		 'matches any valid tag		strip_tags = myRegex.Replace(someString, "")End Function

You might need a more powerful regex, because that won't catch malformed tags. However, it should be good enough to get you started.

Link to comment
Share on other sites

It just occurred to me, another way to get rid of cross site scripting is using something like this:

Function sanitize_input(someString)	santize_input = Server.HTMLEncode(someString)End Function

That converts >, <, " (double quotes), and a few other characters to their harmless ascii equivalents, >, &lt, &quote;.

Link to comment
Share on other sites

  • 3 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...