if I want to validate the input of a <textarea>, and want it to contain, for example, only numerical values, but even want to give users the possibility to insert new lines, I can selected wanted characters with a javascript regex that includes...

We need to add a javascript element inside an iframe (its inside the same web/domain so no security problems attached). We got it working but dont know how to fill the script content betwen its tags...how would you do it?    var iframe = document.get...

Using JavaScript, how can i open a new window (loading, say, http://www.google.com in the process) and inject/insert this code into its body:  <script type="text/javascript">alert(document.title);</script>   I know how to open a n...

I have implemented an IE extension using C++. Its function is to inject javascript in the webpage's head tag, whenever the extension icon is clicked. I have used execScript method for script injection. It works fine but when I refresh the webpage...

I am saving user-submitted HTML (in a database). I must prevent Javascript injection attacks.  The most pernicious I have seen is the script in a style="expression(...)".  In addition to this, a fair amount of valid user content will include...

I'm working on a project which injects JS+CSS+HTML over web pages which I do not have control over.  I am concerned about the host page styling my injected code -- I want my injected code to only obey my styling, and not theirs.  At the moment th...

Many developers believe that JavaScript's eval() method should be avoided. This idea makes sense from a design perspective. It is often used as an ugly workaround when a simpler, better option is available.  However, I do not understand the conce...

I want to write such a function:  function doGoodJob(someId, callBackfunction){  // some stuff with someId  // todo: RUN callBackFunction here  }   They say eval is 'dangerous' in terms of code injection.  so, what is the best practice to wri...

We have a relatively popular website, and recently we started seeing some strange URL's popping up in our logs. Our pages reference jQuery and we started seeing pieces of those scripts being inserted into URL's. So we have logging entries lik...

How does MongoDB address SQL or Query injection? explains how to handle query injection with BSON when using javascript on the server. I haven't been able to track down how/whether Mongoose handles query injection though.  At this point I have tw...