Hi,

How can I handle user inputs with textarea? I need to strip user-entered HTML tags, store the text somewhere and display it back in a webpage. I also need to take care of line breaks.

Any best practices without using the <pre> tag?

A: 

If you're using PHP, you can always use the nl2br() function to display the text back on the page.

Mike Sherov
A: 

You can always do a find-replace of \n with <br /> to preserve line breaks.

However, stripping HTML is a bit trickier. The easiest thing to do is replace < and > with &lt; and &gt;. But that doesn't actually strip the HTML, it merely forces it to render as plain text instead of HTML.

You could use a regex replace to remove <anything>, but that has many potential pitfalls.

Joel Potter
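
The escape-then-convert-line-breaks approach from the answer above, as an added example that is not part of the original post. It is written in JavaScript; the function names and the sample string are assumptions made for illustration.

```javascript
// Added example: keep the raw text in storage, encode it only when rendering.
// Function names are illustrative, not from the original answers.

const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode every character that is significant in HTML text or attribute values.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Render textarea input for an HTML page without <pre>:
//   1. normalise CRLF / CR to LF (browsers submit textarea content with CRLF),
//   2. escape the text,
//   3. only then turn newlines into <br />.
// Doing step 3 before step 2 would escape the <br /> tags as well.
function renderTextarea(raw) {
  const normalised = String(raw).replace(/\r\n?/g, '\n');
  return escapeHtml(normalised).replace(/\n/g, '<br />\n');
}

// The regex "strip" approach, shown for comparison only.
function naiveStripTags(text) {
  return String(text).replace(/<[^>]*>/g, '');
}

// Constructed sample input.
const sample = 'if a < b and c > d\r\nsee <b>bold</b> & "quotes"';

console.log(renderTextarea(sample));
// One pitfall of stripping: legitimate text between "<" and ">" is deleted.
console.log(JSON.stringify(naiveStripTags('if a < b and c > d')));
```

Escaping keeps everything the user typed and shows it as text; the regex strip silently drops the comparison in the middle of the sentence.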
A: 

I created a function called SafeComment designed to eliminate the problem characters from the input for SQL, JavaScript, HTML and VB, since our sites and code are almost all VB & VBScript. Its function is to allow any freeform input field to be successfully received, processed, saved and displayed. We needed it to maintain PCI compliance. It's not pretty, but it works.

Function SafeComment(ByVal strInput)
' Renders Any Comment Codes Harmless And Leaves Them HTML readable In An eMail Or Web Page
' Try: SafeComment("`~!@#$%^&*()_+=-{}][|\'"";:<>?/.,")
    SafeComment = ""
    If Len(strInput) = 0 Then Exit Function
    SafeComment =   Replace( _
                    Replace(Replace(Replace( _
                    Replace(Replace(Replace( _
                    Replace(Replace(Replace( _
                    Replace(Replace(Replace( _
                    Server.HtmlEncode(Trim(strInput)), _
                    ":", "&#58;"), "-", "&#45;"), "|", "&#124;"), _
                    "`", "&#96;"), "(", "&#40;"), ")", "&#41;"), _
                    "%", "&#37;"), "^", "&#94;"), """", "&#34;"), _
                    "/", "&#47;"), "*", "&#42;"), "\", "&#92;"), _
                    "'", "&#39;")
End Function
Dave