Thread: RE: Scrubbing user inputs

RE: Scrubbing user inputs
2008-07-21 09:20:33

Again, am unsure of what your client is, or how you are accepting the input, but one idea is to use the freely available fckeditor as a javascript text area input on your forms. When you do a paste from Word to the editor, it scrubs the input, and converts it into clean HTML, so bullets still look nice, but are now in HTML. This is a tremendous tool for bringing very nicely formatted text into a text area. It is also a nice in-line web editor for direct entry as well. Application Express now has this editor built into it as one of the options for a text area.

 

Dwayne

 

From: ml-errorsfatcity.com [mailto:ml-errorsfatcity.com] On Behalf Of Begenwald, Joe
Sent: Monday, July 21, 2008 9:01 AM
To: Multiple recipients of list ODTUG-WEBDEV-L
Subject: RE: Scrubbing user inputs

 

Didn’t mean to imply that it couldn’t or shouldn’t be done in the database.  I agree that’s the best approach.  I was just saying you shouldn’t be “criticized” (if that’s even what it was) for saying you “needed” to handle this on the client.

 


From: ml-errorsfatcity.com [mailto:ml-errorsfatcity.com] On Behalf Of Monty Latiolais
Sent: Friday, July 18, 2008 6:11 PM
To: Multiple recipients of list ODTUG-WEBDEV-L
Subject: RE: Scrubbing user inputs

 

I appreciate all giving of their time to look at this.

 

I do have access to both client and server side. Based on the responses I’ve received, I will “scrub” it server-side.

 

I thought this type of validation would normally be done client-side. That was my motivation as much as anything.

 

Have a great weekend!

 

Monty


From: ml-errorsfatcity.com [mailto:ml-errorsfatcity.com] On Behalf Of Begenwald, Joe
Sent: Friday, July 18, 2008 4:35 PM
To: Multiple recipients of list ODTUG-WEBDEV-L
Subject: RE: Scrubbing user inputs

 

I’m just guessing here, John (and James, too), but perhaps Monty will only have access to the client code, and may not be permitted to make server-side changes.  Not ideal, I grant you, but all too common.

 


From: ml-errorsfatcity.com [mailto:ml-errorsfatcity.com] On Behalf Of John Flack
Sent: Friday, July 18, 2008 12:11 PM
To: Multiple recipients of list ODTUG-WEBDEV-L
Subject: RE: Scrubbing user inputs

 

Tell us a little more – what errors are you getting – error code, additional information?

What is the datatype of the parameter to your “action” procedure that processes input from the form?  What is the datatype of the comment column in your table?  Why do you need to handle it client-side?

 

I have used a “clean-up” routine that handles this server side – it removes white space from the beginning and end of the incoming data, changes non-printable characters to spaces, removes extra spaces and normalizes carriage returns and linefeeds to CRLF sequences before storing the data in the database.
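An added example, not from the thread and not John's PL/SQL, that walks through the four server-side clean-up steps he lists in Python; the WORD_MAP folding of Word's bullet and smart-punctuation characters to ASCII is an added assumption that goes beyond his description, and the sample paste is constructed.

```python
import re
import unicodedata

# Assumed extension: fold the characters Word typically pastes into plain ASCII
# so a bullet list survives even in a column that cannot store these code points.
WORD_MAP = str.maketrans({
    "\u2022": "*",                    # bullet
    "\u2018": "'", "\u2019": "'",     # single smart quotes
    "\u201c": '"', "\u201d": '"',     # double smart quotes
    "\u2013": "-", "\u2014": "-",     # en dash, em dash
    "\u00a0": " ",                    # non-breaking space
})

_LINE_END = re.compile(r"\r\n|\r|\n")
_MULTI_SPACE = re.compile(r"[ \t]{2,}")


def _is_printable(ch: str) -> bool:
    # Unicode categories beginning with "C" (control, format, surrogate,
    # private-use, unassigned) count as non-printable. A Windows-1252 bullet
    # (byte 0x95) that the server decoded as Latin-1 arrives as U+0095 and
    # lands here.
    return not unicodedata.category(ch).startswith("C")


def scrub_comment(raw: str) -> str:
    """Return the comment normalized for storage (trim, despace, CRLF)."""
    text = raw.translate(WORD_MAP)
    # 1. Every line-ending style becomes a single LF while we work on the text.
    text = _LINE_END.sub("\n", text)
    # 2. Non-printable characters (LF excepted) become spaces.
    text = "".join(ch if ch == "\n" or _is_printable(ch) else " " for ch in text)
    # 3. Runs of spaces/tabs collapse to one space and each line is trimmed.
    lines = [_MULTI_SPACE.sub(" ", line).strip() for line in text.split("\n")]
    # 4. Trim the whole comment and emit CRLF line endings.
    return "\r\n".join(lines).strip()


# Constructed sample paste: a Word bullet, a misdecoded bullet (U+0095), a tab,
# a bare CR, a NUL byte and surrounding whitespace.
SAMPLE_PASTE = "  \u2022 First item\r\n\x95 Second   item\t\r\x00Third\n  "

if __name__ == "__main__":
    print(repr(scrub_comment(SAMPLE_PASTE)))
```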

 

From: ml-errorsfatcity.com [mailto:ml-errorsfatcity.com] On Behalf Of Monty Latiolais
Sent: Friday, July 18, 2008 11:31 AM
To: Multiple recipients of list ODTUG-WEBDEV-L
Subject: Scrubbing user inputs

 

Hello all,

 

I’ve built a simple html form using the pl/sql web toolkit that has a place for the user to include comments.

It’s been in production for months if not years.

 

Recently, we’ve experienced errors related to the content of the comments
and I’ve traced it to users cutting and pasting content from MS Word directly into the web form comments field.

Even that is fine except for when the user attempts to paste in bullets.

 

I’ll have to handle this on the client-side. Any ideas?

 

 

Regards,

 

Monty
