In the case of allowing HTML into textarea, is the a work-around
for the quotes in an href="" ?
How about work-around for allowing js into a textarea?
best, paul
At 08:21 AM 9/18/00 -0400, you wrote:
>On 9/18/00, Deva Ramesh penned:
> >Hi
> >
> >I have a text field that is pulling up content from a DB. This content will
> >at times contain HTML statements.
> >I'm having problems right now with the textarea stripping out the HTML
> >command (non-breaking space, in case it doesn't show up here either)
> >
> >I put it in through the textarea field, and I can see it in the DB, but when
> >I pull it up again in the text field, they are gone. And as soon as I submit
> >the text field again... they're gone for good.
>
>Textarea fields will decode html statements just like the web page
>will. Whereas text fields show whatever's there.
>
>In other words, <p> will show up as a double line break in a textarea
>but will show up as <p> in a text field.
>
> >The other problem I'm having right now is with the </textarea> command....
> >it sees that, and ends my textarea before its through putting out all the
> >information into the textarea field.
>
>
>This may be a tad bloated, but I've found it's what works best for
>me. I'm sure this will probably confuse you more than you are now,
>but if you go over it a couple times, it's the result of pulling out
>what little hair I have left over the course of months and will work
>for you. LOL
>
>When inserting into a database from a text field I use htmleditformat.
>
>When inserting from a textarea, I add a little extra. The code below
>will cause any line breaks you type in to a text area field to be put
>into the database encoded as <br>, then that encoded to
>htmleditformat along with quotes, etc. This way, quotes and
>everything are safe to pass from field to field, and what you type
>into the text area is what you get:
>
>INSERT INTO MyTable
>(MyField)
>VALUES
>('#HTMLEditFormat(replace(inputfromtextarea, chr(10), "<br>", "ALL"))#')
>
>
>When outputting what's in the database into textarea:
>
><textarea name="MyTextArea" rows=4
>cols=60><cfoutput>#trim(replace(replace(replace(outputintotextarea,
>"<", "<", "ALL"), ">", ">", "ALL"), "<br>", chr(10),
>"ALL"))#</cfoutput></textarea>
>
>Both of those samples above are presuming regular text will be being
>typed into the textarea. If you are pasting html code directly into
>the textarea field, then you won't want to use htmleditformat, but
>you will want any <br> and <p> tags to be encoded. If you use
>htmleditformat to encode them though, and you put in or &,
>the ampersands will be encoded again and will end up as
>&nbsp;
>
>LOL
>
>So, do this:
>
>Into database:
>#replace(replace(replace(htmlcode, "<", "<", "ALL"),
>">", ">", "ALL"), chr(34), """, "ALL")#
>
>(the " will encode any uncoded quotes. You could delete that if
>you will always be encoding your quotes first.
>
>Back into textarea: No decoding will be necessary. It will all show
>up as it was originally.
>
>Into the web page:
>#replace(replace(htmlcode, "<", "<", "ALL"),
>">", ">", "ALL")#
>
>To output the text from the database to a web page:
>
><cfoutput>#replace(replace(myoutputashtml, "<",
>"<", "ALL"), ">", ">", "ALL")#</cfoutput>
>
>I put breaks into all the stuff for this e-mail. I generally put it
>on one line in my templates.
>
>
>
>--
>
>Bud Schneehagen - Tropical Web Creations
>
>_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
>ColdFusion Solutions / eCommerce Development
>[EMAIL PROTECTED]
>http://www.twcreations.com/
>954.721.3452
>------------------------------------------------------------------------------
>Archives: http://www.mail-archive.com/[email protected]/
>To Unsubscribe visit
>http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
>send a message to [EMAIL PROTECTED] with 'unsubscribe' in
>the body.
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
