[% META
title = 'Add xyz'
%]
[% attack = params.taskid_login %]
[% IF attack.search('<script>') || attack.search('</script>') || attac
+k.search('alert') %] [% attack = params.taskid_login | uri | html %]
[% ELSE %][% attack = params.taskid_login %]
<p>
To add a new task ID member to <b>[% attack %]</b>, select one or
+more users from the table below.
</p>
[% WRAPPER filter.tt filterTitle='Users filter' filterAction='add_task
+id_member' %]
[% INCLUDE form_textfield.tt fieldName='filter_login' fieldValue=p
+arams.filter_login maxLength=100 %]
[% END %]
[%# Show global message is one or more members have been added... %]
[% IF NumberOfAddedRecords %]
[% INCLUDE global_message.tt globalMessage=NumberOfAddedRecords _
+' users have been added.' %]
[% END %]
[% INCLUDE form_table.tt table=PossibleMembersTable %]
Hello All. Here i have created a varibale named "attack" and checking some validation over it. params.taskid_login is the input value to "attack" variable here. I want to detect <script> and alert tags here. I think my syntax is wrong so my page containing this template is not loading. Please help?