Removing Javascript from HREFs

We want to allow "normal" href links to other webpages, but we don't want to allow anyone to sneak in client-side scripting.

Is searching for "javascript:" within the HREF and onclick/onmouseover/etc. events good enough? Or are there other things to check?


It sounds like you're allowing users to submit content with markup. As such, I would recommend taking a look at a few articles about preventing cross-site scripting which would cover a bit more than simply preventing javascript from being inserted into an HREF tag. Below is one I found that might be useful:

Need Your Help

How to make items on a rails form sortable

javascript ruby-on-rails-4

Using Rails 4 and Ruby 1.9.3. Styling is handled by an internally developed gem based on bootstrap 3.

Boost serilaization with shared pointer and templates

c++ serialization boost boost-serialization

I'm new to C++ and how do i serialize the struct having shared pointer and template .