Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Satya 10 posts 28 karma points
    Mar 13, 2015 @ 07:32
    Satya
    0

    How to restrict javascript alert in umbraco home page

    Hi,

    I have an issue like

    I have created one document type with property name news and type is textbox multiple.

    In content page textbox i have entered <script>alert('hi')</script>.

    Save and Published this.

    Script executing in textbox control, alert showing in home page.

    i want to restrict javascript in textbox control. Can anyone help me on this please.

    in xslt i have given <xsl:value-of select="./teaserDesc" disable-output-escaping="yes"/> but its not restricting alert message.

  • Jan Skovgaard 11280 posts 23678 karma points MVP 11x admin c-trib
    Mar 13, 2015 @ 07:45
    Jan Skovgaard
    0

    Hi Satya and welcome to our :)

    What is the purpose of your alert? Should it only be used in the Umbraco backoffice? And what exact version of Umbraco are you using?

    /Jan

  • Satya 10 posts 28 karma points
    Mar 13, 2015 @ 07:51
    Satya
    0

    Hi Jan thanks for your reply

    i am using Umbraco 7.2.1 version.

    Actually i have developed one website, that given QA for testing. QA entered javascript alert('hi') instead of text in textbox. showing alert in home page when page is refreshed.

    reaised ticket for this. i want resolve this issue. If knows pls help me.

  • Jan Skovgaard 11280 posts 23678 karma points MVP 11x admin c-trib
    Mar 13, 2015 @ 08:23
    Jan Skovgaard
    0

    Hi Satya

    Ok, so you have a form on your public facing website, which picks up data and creates a node in the umbraco backoffice based on the form entry?

    Or have QA entered the javascript directly on the node in the backoffice? If so...is it then for the purpose of displaying a code example on the public facing website?

    Please provide as much information as possible since it's essential that I understand the issue before proposing a solution.

    Looking forward to hearing from you.

    /Jan

  • Satya 10 posts 28 karma points
    Mar 13, 2015 @ 08:44
    Satya
    0

    Hi Jan,

    There is no purpose for giving javascript alert on the node in the backoffice, it is just QA testing purpose given. But script allowing to execute textbox.

    i dont know whether it is issue or not, if there any solution for this we can restrict to execute script in textbox.

    Satya.

  • Chriztian Steinmeier 2800 posts 8790 karma points MVP 8x admin c-trib
    Mar 13, 2015 @ 09:15
    Chriztian Steinmeier
    0

    Hi Satya,

    You have a couple of options for dealing with this, and the simplest is just to remove the disable-output-escaping attribute (or set it to "no", which is the default):

    <xsl:value-of select="teaserDesc" />
    

    This way, it's impossible to render actual HTML markup from the teaserDesc field. You will instead get any HTML entered, displayed as code, and it won't "execute" - which also means that any JavaScript entered in that field won't run in the page.

    If you need to fully remove the tags you could try using the StripHtml() extension, like this:

    <xsl:value-of select="umbraco.library:StripHtml(teaserDesc)" />
    

    /Chriztian

  • Satya 10 posts 28 karma points
    Mar 13, 2015 @ 09:59
    Satya
    0

    Hi Jan,

    I have given like as you mentiond above, still alert is showing in home page. Please find the below screenshot.

Please Sign in or register to post replies

Write your reply to:

Draft