On a site of mine in which a textarea is used for submission, I have code that can appear something along the lines of the following:

<textarea><p>text</p></textarea>

When validating (XHTML 1.0 Transitional), this error arises,

line 88 column 50 - Error: document type does not allow element "p" here

If this is not a valid method, then what is expected? I could do a workaround with an onload JavaScript event, but that seems needless. Regardless, this doesn't affect the output, but I'd rather my site validate.

+5  A: 

Is there a reason you're trying to put a <p> within <textarea>? As you found out, it's not valid. If it's for display purposes (i.e., showing code), it should be translated:

<textarea>&lt;p&gt;text&lt;/p&gt;</textarea>

Beyond validation issues, allowing arbitrary tags (which are not properly encoded as above) to display can be a huge security issue. It's paramount to make sure any user-supplied input has been properly sanitized before it is displayed.

Owen
For some reason I was thinking HTML entities wouldn't display within the textarea (dumb). Converting the HTML entities to the characters, then all of them back seems to have done it :)
Zurahn
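The encoding described in the answer above, as an added example that is not part of the original thread: it renders a stored value into a textarea with and without entity encoding and uses a simplified model of browser parsing to show what ends up inside the element and what leaks out as page markup. The function names (`escapeHtml`, `renderTextarea`, `parseTextarea`) and the sample submissions are constructed for illustration.

```javascript
// Encode the five characters that are significant in HTML/XHTML text and
// attribute values. "&" must go first so entities produced by the later
// replacements are not encoded a second time.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Build the element on the server. With encode=false the stored value is
// written verbatim, which is the pattern the answer above warns against.
function renderTextarea(name, value, encode = true) {
  const body = encode ? escapeHtml(value) : value;
  return `<textarea name="${escapeHtml(name)}">${body}</textarea>`;
}

// Simplified model of how a browser parses the element: the textarea's
// content ends at the first "</textarea" and character references inside
// it are decoded. Anything after that point is parsed as page markup.
function parseTextarea(html) {
  const start = html.indexOf('>') + 1;
  const end = html.toLowerCase().indexOf('</textarea', start);
  const decoded = html.slice(start, end)
    .replace(/&lt;/g, '<').replace(/&gt;/g, '>')
    .replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&amp;/g, '&'); // last, so "&amp;lt;" decodes to "&lt;", not "<"
  const trailing = html.slice(end).replace(/^<\/textarea>/i, '');
  return { content: decoded, trailing };
}

// Constructed sample submissions.
const samples = [
  '<p>text</p>',
  'AT&T &lt;b&gt;',
  '</textarea><script>alert(1)</script>',
];

for (const s of samples) {
  const safe = parseTextarea(renderTextarea('body', s));
  const raw = parseTextarea(renderTextarea('body', s, false));
  console.log(JSON.stringify({ input: s, safe, raw }));
}
```

With encoding, every sample comes back as the exact text that was stored and nothing trails the element; without it, the second sample is silently altered and the third closes the textarea early.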
+1  A: 

You can leave out the tags in the text area, and when you need new lines use \n. Otherwise use &lt;p&gt; and &lt;/p&gt; in the place of your tags.

acrosman
+1  A: 

You could use an onload function to replace the start and end tags of the textarea content.

e.g.: replace < > with &lt; &gt;

<textarea cols="" rows="">&lt;p&gt;text&lt;/p&gt;</textarea>

<p>text</p>

+1  A: 

Am I right in thinking you're trying to make a WYSIWYG editor, such as TinyMCE? What most seem to do is use HTML entities in the textarea and convert it to HTML via JavaScript.

Ross
A: 

Would a CDATA section be an option for you?

<textarea><![CDATA[
    <p>Blah</p>
]]></textarea>
nickf
A: 

You could use this function on the posted data:

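function clean_data($value) {
    // Undo magic-quotes escaping where the runtime still has it
    // (get_magic_quotes_gpc() was removed in PHP 8).
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // Trim, convert HTML special characters to entities, then backslash-escape.
    $value = addslashes(htmlentities(trim($value)));
    // Encode single quotes (backslash-escaped or not) and colons as numeric entities.
    $value = str_replace("\'", "&#39;", $value);
    $value = str_replace("'", "&#39;", $value);
    $value = str_replace(":", "&#58;", $value);
    return $value;
}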