javascript: addContent - How to package...

Question

While making use of a sample for addContent (located at randomsnippets.com), I stumbled into a problem that I hope someone can help on. This may not be the best/only way to skin this cat, but we have a PHP/MySQL page that has to be modified to ADD rows for data entry when needed.

Their method works (please take a peak at their page), but the value for the FORM element TEXTAREA has it's own form elements in it, including TEXTAREA. The close of the latter TEXTAREA tag interrupts the first value and throws the remaining code to the page, not awaiting insertion by the Submit Button. Results Example: Click Here

The Submit button successfully produces the part that stayed inside, but you see the problem.

---

- Is there a way to use the javascript addContent function,

- Incorporate the utility of an ADD button

- But avoid using the packaging of FORMS?

---

Thanks for any help!

Bryan

p.s. The PHP is transparent. Direct inclusion of the HTML contained in the variable as the value of TEXTAREA produces the same result.

Answer 1

I don't really understand what you're trying to accomplish here, but it doesn't matter - the obvious problem is that you're including unescaped HTML in the textarea: the textarea's text must be escaped, just as you would escape text content anywhere else in a HTML document (converting < to < > to > & to &, etc.). The fact that you're ultimately feeding the text back through the browser's HTML parser doesn't matter - if you want the document to load properly, it has to be escaped:

Example:

desired content such as this:

<tr>
   <td bgcolor="#F3F3F3" align="center" colspan="3"><hr size="1" color="#C0C0C0"></td>
</tr>

would be included in a textarea like so:

<textarea>
&lt;tr&gt;
   &lt;td bgcolor="#F3F3F3" align="center" colspan="3"&gt;&lt;hr size="1" color="#C0C0C0"&gt;&lt;/td&gt;
&lt;/tr&gt;
</textarea>