how to add script alert test script inside a text box

Question

This is strange requirement     I want to  lt script gt alert  test    lt  script gt  in an input type text but it should not execute the alert       I just need to set the text  lt script gt alert  test    lt  script gt   Am using nwt framework    And also is this do-able in JS   Thanks  Md Waseem

User · Answer

I want to alert  test    in an input type text but it should not execute the alert alert prompt      lt input type  text  value   lt script gt alert  test    lt  script gt     gt    Produces      You can do this programatically via JavaScript  First obtain a reference to the input element  then set the value attribute   var inputElement   document querySelector  input    inputElement value     lt script gt alert  test    lt   script gt

User · Answer

JQuery version      yourInputSelectorHere   val   lt script gt alert  test    lt   script gt

User · Answer

is you want fix XSS on input element  you can encode string before output to input field  PHP    str   htmlentities  str     C    str   WebUtility HtmlEncode str     after that output value direct to input field    lt input type  text  value   lt  php echo  str    gt

User · Answer

I usually do it element value   lt script gt alert  test    lt  script gt      If sounds like you are generating an inline  lt script gt  element  in which case the  lt  script gt  will end the HTML element and cause the script to terminate in the middle of the string   Escape the   so that it isn t treated as an end tag by the HTML parser   element value     lt script gt alert  test    lt   script gt

User · Answer

Ok to answer this   I simply converted my  lt  and the  gt  to  amp lt  and  amp gt   What was happening previously is i used to set the text  lt script gt alert  1   lt  script gt  but before setting the text in the input text browserconverts  amp lt  and  amp gt  as  lt  and the  gt   So hence converting them again to  amp lt  and  amp gt since browser will understand that as only tags and converts them   than executing the script inside  lt input type  text    gt

[javascript] how to add <script>alert('test');</script> inside a text box?

Examples related to javascript

Examples related to node.js