Not sure if this is possible across all modern browsers, but is there any way, using JavaScript/jQuery, to remove all HTML tags, CSS formatting, Word doc format codes, etc. from a string of text as it is being pasted into an input area of a page (in my case an element set as "contenteditable"), so it always goes in as just pure plaintext?

Of course, before even thinking about the cleaning/sanitizing portion of the problem, I first need a reliable way of listening for and capturing text from a paste event, which I'm not sure how to do either.

Thanks in advance!

A: 

Probably this is possible, but I would say inadvisable as a security measure, since any client side code can be tampered with. How would you cater for a case where javascript was turned off? Or someone posting to your page while using the firebug debugger and skipping over the validation?

Use client side for faster feedback to the user, but do not rely on that.

Use server side validation and sanitizing to do the real work.

Oded
The issue of the code being tampered with is really a non-issue in this case as this is solely for a back-end administration system used by known, trusted users and is not accessible publicly. The system also requires you to have javascript enabled to get in, which solves that issue. And the reason I don't want to do it server-side is that the input editor I implemented allows you to do some very basic formatting after the fact (bold, underline, hyperlinks, etc.), so I would have to allow some formatting but disallow others, which could get messy.
Bill Dami
@Bill Dami - trusted users, until the company decides to open the application up, or a malicious user within the company goes rogue.
Oded
@Oded True, however I know that this application will never be opened to public users. And if an employee with access to the system did go rogue, them being able to save unsanitized input in the editor would be the least of our worries :-D
Bill Dami
Geez, just add something server side that removes anything illegal. It doesn't have to be super-sophisticated, and can just outright reject the post if it has junk in it you don't allow (and that shouldn't get there anyway unless something funny is going on). Doing as much client side is the correct solution for usability...I hate it when I paste to a rich text field and it is all screwy.
rob
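The server-side check suggested in the comments above (reject the post outright if it contains anything not allowed), as an added example that is not part of the original thread. It assumes Node.js and that the editor serializes its basic formatting only as lowercase `<b>`, `<u>` and `<a href="http(s)://...">` tags; `ALLOWED_TAG` and `validateSubmission` are hypothetical names.

```javascript
// Added example, not code from the thread; all names are hypothetical.
// Assumption: the editor emits only lowercase <b>, <u> and
// <a href="http(s)://..."> with no other attributes.
const ALLOWED_TAG = /<(\/?)(b|u)>|<(\/)a>|<a href="https?:\/\/[^"<>\s]+">/g;

function validateSubmission(html) {
  if (typeof html !== 'string') {
    return { ok: false, reason: 'input is not a string' };
  }
  // Pass 1: allowed tags must be properly nested and closed.
  const open = [];
  for (const m of html.matchAll(ALLOWED_TAG)) {
    const closing = m[1] === '/' || m[3] === '/';
    const name = m[2] || 'a';
    if (!closing) {
      open.push(name);
    } else if (open.pop() !== name) {
      return { ok: false, reason: `unexpected </${name}>` };
    }
  }
  if (open.length > 0) {
    return { ok: false, reason: `unclosed <${open.pop()}>` };
  }
  // Pass 2: fail closed. With every allowed tag form removed in a single
  // pass, any angle bracket left over is markup outside the allowlist
  // (Word/CSS paste residue, extra attributes, other elements).
  const rest = html.replace(ALLOWED_TAG, '');
  if (/[<>]/.test(rest)) {
    return { ok: false, reason: 'markup outside the allowlist' };
  }
  return { ok: true, reason: null };
}

// Constructed sample submissions.
const samples = [
  '<b>Sale</b> ends <a href="https://example.com/terms?id=1">soon</a>',
  '<p class="MsoNormal"><span style="font-family:Calibri">Hi</span></p>',
  '<b style="color:red">bold</b>',
  '<b><u>crossed</b></u>',
];
for (const s of samples) {
  console.log(validateSubmission(s), s);
}
```

The function only accepts or rejects; it never rewrites the submission, so an accepted string is stored exactly as it was checked.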
+2  A: 

It's already there in TinyMCE so I'd suggest to deploy it. It's also available as a jQuery package and released under LGPL so can be used in a commercial project.

See http://wiki.moxiecode.com/index.php/TinyMCE:Plugins/paste for paste-related functionality.

Ain
If the TinyMCE project is open-sourced and its code is portable enough to extract just that functionality I may be able to use it, but as far as using the actual editor, that is really not an option for me, as these input areas are part of a website editor where you are essentially editing directly into the layout of a website template using contenteditable regions, and not a separated text editor type interface.
Bill Dami
Yes, that's what I meant by posting the answer - whether you find the whole framework usable or just extract and tweak parts of it for custom use.
Ain
+1  A: 

It's possible using a hack that the current versions of both TinyMCE and CKEditor use. I described it in this answer.

Tim Down