Hello-
I'm working on a site where users have the option to type HTML code into
a textarea, or upload HTML code from a local file which is then
displayed in the text area.
The obvious problem is that an uploaded file that contains a closing tag
for a textarea can wreak havoc and eat up the
CPT John W. Holmes wrote:
--SNIP--
Try this:
textarea name=textThis is lt;somegt; text/textarea
If you submit that text and then print $_REQUEST['text'], you'll
see that
you have
This is some text
--SNIP--
Ok, but that only makes me realize the further extent of the problem.
If the HTML
Have you done some testing with NOT converting the HTML within the
textarea with htmlspecialchars() -- does it work for all cases where a
/textarea does not exist?
If so, then consider NOT doing it, and instead solving the problem of a
/textarea within the textarea. possible solutions may
From: Thaddeus J. Quintin [EMAIL PROTECTED]
If the HTML file that they upload has 'lt;' or 'gt;' entities, then
these characters will be displayed in the text area as '' and ''
symbols. So when the text is submitted from the textarea, all of the
user's HTML entities will have been
Hi,
Saturday, August 9, 2003, 1:57:04 AM, you wrote:
TJQ CPT John W. Holmes wrote:
TJQ --SNIP--
TJQ Try this:
TJQ
TJQ textarea name=textThis is lt;somegt; text/textarea
TJQ
TJQ If you submit that text and then print $_REQUEST['text'], you'll
TJQ see that
TJQ you have
TJQ
TJQ This
From: Thaddeus J. Quintin [EMAIL PROTECTED]
I'm working on a site where users have the option to type HTML code into
a textarea, or upload HTML code from a local file which is then
displayed in the text area.
The obvious problem is that an uploaded file that contains a closing tag
for a
You're safe because when you apply htmlentities() these will be doubly
marked up. So if the file contains amp; then the browser will receive
amp;amp;.
HTH,
Rob.
On Fri, 2003-08-08 at 11:57, Thaddeus J. Quintin wrote:
CPT John W. Holmes wrote:
--SNIP--
Try this:
textarea name=textThis
Thaddeus J. Quintin wrote:
CPT John W. Holmes wrote:
--SNIP--
Try this:
textarea name=textThis is lt;somegt; text/textarea
If you submit that text and then print $_REQUEST['text'], you'll
see that
you have
This is some text
--SNIP--
Ok, but that only makes me realize the further
Thanks everybody!
Looks like I was just thinking about the problem too hard.
Thaddeus
John W. Holmes wrote:
Thaddeus J. Quintin wrote:
CPT John W. Holmes wrote:
--SNIP--
Try this:
textarea name=textThis is lt;somegt; text/textarea
If you submit that text and then print
9 matches
Mail list logo
