I have input type text, when writing js in input field <script> alert (1) </script> it works, is it possible to disable js in input?
Thanks
<form action="" name="typing_and_press_form" id="typing_and_press_form">
<input id='typing_and_press' class="typing_and_press" type="text"
placeholder="<?php if($jobStrings) echo $jobStrings['keyword_search']; ?>">
<div class="tagsgroupkeyup"></div>
</form>
jquery:
jQuery('#typing_and_press_form').on('submit', function (event) {
event.preventDefault();
if (jQuery('#typing_and_press').val()){
var enteredValue = jQuery('#typing_and_press').val();
jQuery('.typing-press .tagsgroupkeyup').append('<div class="tagstyle"><span>' + enteredValue + '</span><span id="' + enteredValue + '" class="remove">X</span></div>');
jQuery('#typing_and_press').val('');
jQuery('#typing_and_press').text('');
}
})
This is known as a self-xss attack. Where the input is reflected onto the page, and executes javascript. To prevent this you have to use innerText, or you can also parse the input text by checking if there is any javascript in the input before showing it into the DOM.
In Jquery, you can use .text() method.
The Javascript part is:
jQuery('#typing_and_press_form').on('submit', function (event) {
event.preventDefault();
if(jQuery('#typing_and_press').val()){
var enteredValue = jQuery('#typing_and_press').val();
spanElem = jQuery('.tagsgroupkeyup').append('<div class="tagstyle"><span></span><span id="' + enteredValue + '" class="remove">X</span></div>');
spanElem.find("span:first").text(enteredValue)
jQuery('#typing_and_press').val('');
jQuery('#typing_and_press').text('');
}
})
Related
I have an input-text. If you type something, the text appears below (see code snippet).
Now, I need to do the same with a previous step: clicking a button (preferably a checkbox) to append/remove all. Here is my failed idea: DEMO (it appends the input text, but when you type, text won't apear below like it does on my code snippet).
I feel like the function to add text below does not work because there is a problem with selecting the appended element. How do I do this?
Any more simple idea to do this would be great
var name1 = document.getElementById('name');
name1.addEventListener('input', function() {
var result = document.querySelector('.X');
console.log(this.value );
result.innerHTML = this.value;
});
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<label>What is your name? </label><input type="text" id="name">
<p>Your name is: <span class="X"></span></p>
Put your first part of the snippet into appending logic while clicking the add button. As in your codes, the input box is appended to the document after its listener being attached.
if (!added) {
$content = $(NewContent).appendTo('.firstappend');
// attach listener after input box actually exists!
var name1 = document.getElementById('A');
name1.addEventListener('input', function() {
var result = document.querySelector('span.Y');
console.log(this.value );
result.innerHTML = this.value;
});
}
$(function() {
let NewContent = '<div class="added">' +
'<p>' +
'<label>What is your name? </label>' +
'<input type="text" id="A">' +
'</p>' +
'<p>Your name is: <span class="Y"></span></p>' +
'</div>';
$(".addremove").on('click', function() {
if ($(".added").length) {
$(".added").remove();
} else {
$(".firstappend").append(NewContent);
}
});
$(document).on('change keyup', '#A', function(event) {
$("span.Y").html($(event.currentTarget).val());
});
});
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<div class="toadd">
<button type="button" class="addremove">Do you have a name?</button>
</div>
<div class="firstappend"></div>
as from the DEMO you included,
appended elements to document cannot be invoked explicitly, since you're using jQuery, you can do this
$(document).on('change keyup', '#A', function(event) {
$("span.Y").html($(event.currentTarget).val());
});
I want to print a DIV from hidden field value and I have checkboxes too.
This is my jQuery function:
<script>
$(".printme").click(function () {
var printArray = [];
$("input[name='s_i_width[]']:checked").each(function (event) {
printArray.push($('#form_te' + this.value).val());
console.log($('#form_te' + this.value).val());
alert("selected" + printArray);
console.log(printArray);
var printselect;
printselect = printArray.join(',') + "";
alert("selected" + printselect);
});
})
</script>
<input type="hidden" name="xyz" id="form_te<?php echo $id;?>"value="<?php echo $id;?>" />
if it is like this
// printArray.push($(this).val());
I can get the values, but if I put like this:
printArray.push($('#form_te'+this.value).val());
I get an undefined error.
function myFunction(ID) {
var fileSelector = $('<input onchange="javascript:testFunction(' + ID + ',' + this.value +')" type="file" />');
fileSelector.click();
}
my call to the testFunction is with the correct ID, but "Undefined" for this.value
All I want is to pass the value that the input now has WITH the onchange event. Why is it not possible?
Your this keyword inside the myFunction function is the window object. You don't want that.
In fact, you want to use the this.value inside the HTML, so you don't need to interpolate strings.
function myFunction(ID) {
var fileSelector = $('<input onchange="javascript:testFunction(' + ID + ', this.value)" type="file" />');
fileSelector.click();
}
I think what are you trying achieve is simply to remove the codes from the this.value. I did write the correct code below for your requirements:
var fileSelector =
$('<input onchange="javascript:testFunction(' + ID + ', this.value)" type="file" />');
I am using javascript to create html page , but not able to call some function on button click .
var alernative = "plot1";
var buttonvalue= "mybutton";
function callme()
{alert("hello");}
$('#' + alernative).html('<div><input style="float:right;" type="button" value="' + buttonvalue+ '" onclick="' + callme() + '";></div>');
In above code , creating a button and giving its value and calling function onclick of button , but when the page loads it shows alert (that should not happen) and it is not alerting on button click .
Hoping for Suggestion or some help .
You need to pass the function name as a part of the string:
$('#' + alernative).html('<div><input style="float:right;" type="button" value="' + buttonvalue+ '" onclick="callme();"></div>');
It is a bad practice to write HTML with strings, DOM exists for one reason!
var input = $('<input/>', {
type: "button",
style: "float: right",
value: buttonValue
}),
element = $('<div/>').append(input);
input.click(function () {
callme();
});
$('#test').html(element);
I'm trying to devise a method of when adding a simple div element with a class and some data-* in it, it will replace it or add into it some other elements. This method should not be called manually, but automatically by some kind of .live() jQuery method, a custom event or some kind like $('body').bind('create.custom'), etc.
I need it this way since I wouldn't know in advance what elements will be created since they will be served through ajax like single empty div's or p's .
<!DOCTYPE html>
<html>
<head>
<title >on create</title>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js" ></script>
<script type="text/javascript" >
jQuery(function($){
$("div.fancyInput").each(function(index,element){
var $div = $(this);
var dataId = $div.attr("data-input-id");
var inputId = '';
var labelId = '';
if(!!dataId){
inputId = 'id="' + dataId + '"';
labelId = 'id="' + dataId + 'Label"';
} // if
var dataValue = $div.attr();
$(
'<p class="fancyInput" >' +
' <label ' + labelId + ' for="' + inputId + '" >A fancy input</label>' +
' <input ' + inputId + ' name="' + inputId + '" value="A fancy input" />' +
'</p>'
).appendTo($div);
}); // .each()
}); // jQuery()
</script>
<script type="text/javascript" >
jQuery(function($){
var counter = 2;
var $form = $('#form');
$('#add').click(function(event){
$('<div class="fancyInput" data-input-id="fancyInput' + counter + '" ></div>').appendTo($form);
counter++;
}); // .click
}); // jQuery()
</script>
</head>
<body>
<a id="add" href="#" > add another one </a>
<form id="form" action="#" >
<p class="normalInput" >
<label id="normalInputLabel" for="normalInput" >A normal input</label>
<input id="normalInput" name="normalInput" value="A normal input" />
</p>
<div class="fancyInput" ></div>
</form>
</body>
</html>
Update:
I checked liveQuery beforehand, it's that kind of functionality that I need, but with the ability to modify DOM elements while the event callback is executed. So it's not just that I need events attached, but the ability to modify the DOM upon element creation. For example: whenever a new is created, it should be filled in (even better if replaced) with the p, label and input tags
You could use a DOM Level 3 Event, like DOMNodeInserted. This could look like:
$(document).bind('DOMNodeInserted', function(event) {
// A new node was inserted into the DOM
// event.target is a reference to the newly inserted node
});
As an alternative, you might checkout the .liveQueryhelp jQuery plugin.
update
In referrence to your comment, have a look at http://www.quirksmode.org/dom/events/index.html, only browser which do not support it are the Internet Explorers of this this world (I guess IE9 does at least).
I can't say much about the performance, but it should perform fairly well.