Restrict javascript usage in RTE
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Rich Text Editor (RTE)
Forum Description: Support forum for the Web Wiz Rich Text Editor (RTE).
URL: https://forums.webwiz.net/forum_posts.asp?TID=27698
Printed Date: 29 March 2026 at 2:07pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Posted By: kansaiben
Date Posted: 17 August 2009 at 7:42pm
I use the RTE in an event calendar using ASP where a user can add and edit events. I don't want users adding malicious code to the system so am trying to limit the use of javascript. Having a strange problem though. When a user types the following in the RTE text area (not HTML view):
<script type="text/javascript">alert("I am an alert box!");</script>
it is converted by the RTE to:
<script type="text/javascript">alert("I am an alert box!");</script>
when entered in the database.
Should a user choose to edit this entry, they use another page where the previously entered values in the database are used to populate the form elements, the RTE text area included. So for example, the text area uses code like this:
<textarea cols="65" rows="33" name="exampleEventDescription" id="exampleEventDescription"><%=(exampleRS.Fields.Item("exampleEventDescription").Value)%></textarea>
When I do this though, the text area entry gets converted back to:
<script type="text/javascript">alert("I am an alert box!");</script>
and the alert box pops up.
I can't figure out how to stop this from happening. Any help?
Replies:
Posted By: WebWiz-Bruce
Date Posted: 18 August 2009 at 9:35am
Try using the following:-
<textarea cols="65" rows="33" name="exampleEventDescription"
id="exampleEventDescription"><% = HTMLencode((exampleRS.Fields.Item("exampleEventDescription").Value)) %></textarea>
-------------
Web Wiz Forums Hosting: https://www.webwiz.net/web-wiz-forums/forum-hosting.htm
ASP.NET Web Hosting: https://www.webwiz.net/web-hosting/windows-web-hosting.htm
Posted By: kansaiben
Date Posted: 18 August 2009 at 5:07pm
Cheers, that really helped. I did have to modify the syntax just a bit to get it to work, but saved me from pulling all my hair out.
<textarea cols="65" rows="33" name="exampleEventDescription"
id="exampleEventDescription"><% = Server.HTMLEncode((exampleRS.Fields.Item("exampleEventDescription").Value)) %></textarea>
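Why the fix in this thread works, as an added example that is not part of the original posts: an HTML parser decodes one level of entities when it reads the text inside a textarea, so a value written out unencoded reaches the editor as live markup, while a value passed through Server.HTMLEncode reaches it as inert text. The function names, the simplified stand-in for Server.HTMLEncode, and the assumption that the RTE stores the typed markup entity-encoded are illustrative; the sample string is the one from the question.

```javascript
// Added illustration, not code from the thread or from Web Wiz.

// Simplified stand-in for Server.HTMLEncode: escapes & < > and ".
function htmlEncode(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;")
          .replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

// One pass of entity decoding, as an HTML parser applies to the text
// between <textarea> and </textarea> when it builds the control's value.
// A single regex pass never re-scans its own output, so "&amp;lt;"
// becomes "&lt;" and stops there.
function parserDecodeOnce(s) {
  const map = { amp: "&", lt: "<", gt: ">", quot: '"' };
  return s.replace(/&(amp|lt|gt|quot);/g, (_, name) => map[name]);
}

// The value the editor is initialised with after the edit page is parsed.
// encodeOnOutput=false models <%= value %>; true models Server.HTMLEncode.
function valueSeenByEditor(stored, encodeOnOutput) {
  const emitted = encodeOnOutput ? htmlEncode(stored) : stored;
  return parserDecodeOnce(emitted);
}

// True when loading the value as HTML would create a script element.
function containsLiveScript(html) {
  return /<script\b/i.test(html);
}

// Sample input taken from the question.
const typed =
  '<script type="text/javascript">alert("I am an alert box!");</script>';
// Assumption: the RTE saves text typed in design view entity-encoded.
const stored = htmlEncode(typed);

function demo() {
  const raw = valueSeenByEditor(stored, false);
  const encoded = valueSeenByEditor(stored, true);
  return {
    rawIsLive: containsLiveScript(raw),         // unencoded output
    encodedIsLive: containsLiveScript(encoded), // Server.HTMLEncode output
    encodedRoundTrips: encoded === stored,      // editor sees stored text
  };
}

console.log(demo());
```

The encoded path hands the editor exactly the stored string, so saving the edit again does not add or lose a level of encoding.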