Parsing special characters and converting to HTML (Escaping Strings)

Question

Hi All, I am facing a small problem with parsing text entered in HTML format. Was successful in converting open and close tags etc, but how do i recognize "next line (entered text)" in the text area ?

Please help

<script type="text/javascript">

jQuery(function($) {

    $('#submit').click(function() {
    var htmlval = $('#textEntry').val();
    $('p.escape').text(htmlval);
    $('p.escape').escapeHtml();
    });


});

(function($) {


$.fn.escapeHtml = function() {
    this.each(function() {
        $(this).html(
            $(this).html()
                .replace(/"/g,"&quot;")
                .replace(/&/g,'&amp;')
                .replace(/</g,'&lt;')
                .replace(/>/g,'&gt;')
                .replace(/'/g,'&apos;')
        );
    });
    return $(this);
}

})(jQuery);

</script>

HTML is as follows..

<p class="escape"></p>
<br>
<textarea name="text" id="textEntry"></textarea><input type="submit" id="submit" value="submit" />

Answer 1

Don't bother escaping the text client-side, if someone was malicious they would just submit it manually and bypass your fancy javascript. Escape the text server-side before you interact with the DB.