/* Security script */ var forbiddenChars = new Array(); forbiddenChars[0] = "<"; forbiddenChars[1] = ">"; forbiddenChars[2] = "SELECT"; forbiddenChars[3] = "INSERT"; forbiddenChars[4] = "UPDATE"; forbiddenChars[5] = "DELETE"; forbiddenChars[6] = "!"; forbiddenChars[7] = "{"; forbiddenChars[8] = "}"; forbiddenChars[9] = "("; forbiddenChars[10] = ")"; forbiddenChars[11] = "["; forbiddenChars[12] = "]"; forbiddenChars[13] = "SESSION"; forbiddenChars[14] = "REQUEST"; forbiddenChars[15] = "RESPONSE"; forbiddenChars[16] = "OBJECT"; forbiddenChars[17] = "GET"; forbiddenChars[18] = "PUT"; forbiddenChars[19] = "COOKIE"; forbiddenChars[20] = "PARAM"; forbiddenChars[21] = "PARAMETER"; forbiddenChars[22] = "POST"; forbiddenChars[23] = "HTTP"; forbiddenChars[24] = "HTTPS"; forbiddenChars[25] = "SCRIPT"; forbiddenChars[26] = "//"; forbiddenChars[27] = "CGI-BIN"; forbiddenChars[28] = "CGI"; forbiddenChars[29] = "HTML"; // Checks elements: TEXT & TEXTAREA for forbidden data. function checkFields(theFormObj) { var answer = "OK"; var elementType = ""; var elementName = ""; var elementValue = ""; var elementValueOrig = ""; for (var i = 0; i -1) || (elementType.indexOf("TEXTAREA") > -1) || (elementType.indexOf("PASSWORD") > -1) ) { // check this text box: elementValue = trim(theFormObj.elements[i].value.toUpperCase()); elementValueOrig = trim(theFormObj.elements[i].value); // Parse text box data. for (var j = 0; j < forbiddenChars.length; j++) { if(elementValue.indexOf(forbiddenChars[j]) > -1) { answer = "A text box contains a forbidden value: ' " + elementValueOrig + " '.\nPlease remove it before proceeding."; theFormObj.elements[i].select(); return answer; } } } } return answer; } function trim(strText) { // this will get rid of leading spaces while (strText.substring(0,1) == ' ') strText = strText.substring(1, strText.length); // this will get rid of trailing spaces while (strText.substring(strText.length-1,strText.length) == ' ') strText = strText.substring(0, strText.length-1); return strText; }