unsafahtml problem

[olu]

hello please an anyone help trying to display a page on a webpage procedure but i think the unsafehtml is kicking in and blocking it. i have set script on tagOK in webserver procedure to return true but still having problems. After i debugged i got this back

Code: [Select]

[netTrace][thread=3] index[netTrace][thread=3] UnSafeHtml (2): " on" or "script" detected in <script type="               ">CREATE_THREAD_DEBUG_EVENT: tid=000010FC
so do anyone know how to sole this?

[Bruce]

indeed, the use of the <script tag makes the Html very "unsafe" (in the sense that if the user is the one creating the html this would end badly.)

So, in order to help I need more context of the exact usage you are using. Can you make a simple example - or mod any of the shipping examples to do what you are doing?

Is this <script> code from the xHtml tab of something? Like from a NetWebPage procedure maybe?

[olu]

Hi Bruce, it is from a NetWebPage and the user has no input in this, it is hard coded by me in the procedure setup embed point.

[Bruce]

ok, then post an example and I'll tell you how to tweak it.

cheers
Bruce

[olu]

Hi bruce manage to narrow the offending code. When i take this out everthing works again.
 '<script type="text/javascript">var FolderPath="news/";</script><script src="news/ns1js.js" type="text/javascript"></script>'
What can i do?

[Bruce]

>> What can i do?

post an example and I'll tell you how to tweak it.

We knew the problem revolved around your use of <script> because that's what the error told us. However it's the _context_ of your usage which is the root question.

cheers
Bruce