ansaurus

Question

jquery and textarea

Answer 1

A:

You can't have line breaks in the middle of a string, you either need:

$("#text_a").html('<textarea name="text">First line...\
Second line ...</textarea>');

Or better in my opinion, escape your newlines, like this:

$("#text_a").html('<textarea name="text">First line...\nSecond line ...</textarea>');

There are a few encoding options, for example:

$("#text_a").html('<textarea name = "text">".json_encode($text_user)."</textarea>');

Nick Craver 2010-10-14 11:40:48

But how escape all new lines in php string?

lolalola 2010-10-14 11:53:49

@lolalola - Like this: `$("#text_a").html('<textarea name = "text">".json_encode($text_user)."</textarea>');` See this question for details: http://stackoverflow.com/questions/168214/pass-a-php-string-to-a-javascript-variable-including-escaping-newlines

Nick Craver 2010-10-14 11:58:39

Answer 2

+1 A:

You are mixing PHP with javascript. Could be something like:

var text_user = "<?= nl2br(htmlentities($text_user)) ?>";
$("#text_a").html('<textarea name = "text">'+text_user+'</textarea>');

Concatenation operator in ecmascript is "+", not "." like in PHP.

Paulo Scardine 2010-10-14 11:44:01

What the OP posted *was* PHP, and what you're posting would have the exact same error of an unterminated string literal.

Nick Craver 2010-10-14 11:44:42

@nick: Thanks, he should not only escape "\n" as well quotes. I think his code would not work either as javascript or PHP, and the question is tagged jequery/textarea.

Paulo Scardine 2010-10-14 11:54:57

Answer 3

+2 A:

Assuming that this is actually a PHP question, I normally use json_encode() to generate JavaScript strings. E.g.:

// Prints: var myString = "Hello\nWorld";
var myString = <?php echo json_encode("Hello\nWorld"); ?>;

Back into JavaScript, you probably want to avoid HTML injection and XSS attacks:

var myTextarea = $('<textarea name="text"></textarea>').text(<?php echo json_encode($text_user); ?>);
$("#text_a").html(myTextarea);

Addendum

A little test case that illustrates the need of proper escaping:

<?php

$text_user = '</textarea><a href="http://www.google.com"&gt;Google&gt;&lt;/a&gt;&lt;textarea&gt;';

?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"&gt;
<html>
<head><title></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"&gt;&lt;/script&gt;
<script type="text/javascript"><!--
jQuery(function($){
    // Proper escaping
    var myTextarea = $('<textarea name="text"></textarea>').text(<?php echo json_encode($text_user); ?>);
    $("#text_a").html(myTextarea);

    // HTML injection
    $("#text_b").html('<textarea name="text">' + <?php echo json_encode($text_user); ?> + '</textarea>');
});
//--></script>
</head>
<body>

<div id="text_a"></div>
<div id="text_b"></div>

</body>
</html>

Álvaro G. Vicario 2010-10-14 11:53:38

`.html()` gets the *inner* HTML of an element, so this won't have the same effect.

Nick Craver 2010-10-14 11:59:22

@Nick Craver, I've just fixed the JavaScript part. It should work as expected now.

Álvaro G. Vicario 2010-10-14 12:10:04

ansaurus

tags:

views:

answers:

jquery and textarea

Addendum

related questions