On Tue, 3 Aug 2004 11:02:49 +1200, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> 
> 
> Hi All,
> 
> I have a struts app that lets users input into text-areas. Whatever the
> user entered will later be displayed as text.
> To give users some control over presentation, I'd like to allow them to
> enter html directly into a text-area.
> Struts appears to convert all html to harmless displayable text, so that
> <hr> appears quite literally as '<hr>' rather than as a horizontal line.
> 
> How can I allow users to input effective html?  And is there any way I can
> ring-fence what they enter, so that any html errors they make don't bring
> the whole page down?
> 

If you want someone to see the visualized text as they are typing,
you're going to need something like a "rich text" component that does
that sort of thing in JavaScript.  The standard HTML <textarea>
element that Struts uses doesn't help you, even if the HTML elements
are literally embedded.

If you are taking content and then literally embedding it in your page
with something like <bean:write>, you can turn off the filtering by
saying filter="false" in the attributes of this tag.  Be aware,
however, that in doing so *you* are taking responsibility for avoiding
cross site scripting attacks from potentially malicious users that try
to embed JavaScript markup.  Most likely, you'll need to scan the text
and only allow HTML elements that are reasonably harmless (like <b>).

> Regards,
> John

Craig
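
The allowlist scan suggested above, as an added example that is not part of the original message and is not Struts code. It escapes everything first, then re-enables only attribute-less tags from a fixed list and closes any left open, so broken markup stays contained. The class name `SafeMarkup`, the method names and the tag list are assumptions, and it needs Java 9 or later. The result is what you would pass to `<bean:write filter="false">`.

```java
import java.util.*;
import java.util.regex.*;

public class SafeMarkup {
    // Assumed allowlist: formatting tags only, never with attributes.
    private static final Set<String> PAIRED = Set.of("b", "i", "em", "strong", "u", "p");
    private static final Set<String> VOID = Set.of("br", "hr");
    // An already-escaped tag with no attributes: &lt;b&gt; &lt;/b&gt; &lt;br/&gt;
    private static final Pattern TAG = Pattern.compile("&lt;(/?)([a-zA-Z]+)\\s*(/?)&gt;");

    static String escape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    public static String render(String userInput) {
        String escaped = escape(userInput);   // nothing is live markup at this point
        Matcher m = TAG.matcher(escaped);
        StringBuilder out = new StringBuilder();
        Deque<String> open = new ArrayDeque<>();
        int last = 0;
        while (m.find()) {
            out.append(escaped, last, m.start());
            last = m.end();
            String name = m.group(2).toLowerCase(Locale.ROOT);
            boolean closing = !m.group(1).isEmpty();
            if (VOID.contains(name) && !closing) {
                out.append('<').append(name).append('>');
            } else if (PAIRED.contains(name) && !closing && m.group(3).isEmpty()) {
                open.push(name);
                out.append('<').append(name).append('>');
            } else if (PAIRED.contains(name) && closing && open.contains(name)) {
                // Close tags the user left open inside this one, then the tag itself.
                String top;
                do { top = open.pop(); out.append("</").append(top).append('>'); }
                while (!top.equals(name));
            } else {
                out.append(m.group());        // not allowed: remains visible text
            }
        }
        out.append(escaped, last, escaped.length());
        while (!open.isEmpty()) out.append("</").append(open.pop()).append('>');
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input: unbalanced tags, a script element, an attribute.
        System.out.println(render("<b>bold <i>both<hr></b> <script>alert(1)</script> <b onclick=x>"));
    }
}
```

Because the input is escaped before any tag is re-enabled, a tag that carries attributes or is not on the list never matches the pattern and is displayed as literal text.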
