This question already has answers here:
Rendering HTML inside textarea
(7 answers)
Closed 7 years ago.
I have code that lets you format the text in a textarea with bold, underline, strikeout or italics. But it displays the html tags instead of actually formatting it. I know once I output it inside a div, it ill be formatted, but I want to show the formatting while the user writes the text.
How can I enable formatting? JavaScript is fine, I'm using JQuery at the moment. I would also rather not use a WYSIWYG editor, if there is another option.
Thanks for any help.
Use contentEditable attribute on div element
<div contentEditable="true">
</div
This way you can format your input in any desired way, just dont forget properly escape data.
Just a thought; if you just want to let users see what their response will look like, you could take a cue from this site and have a sort of "preview" div right above/below the comment box. You could use onKeyUp to put the code into the div to keep it up do date as the user types. It's not perfect, but it's probably as good as you're going to get if you don't want to use a WYSIWYG.
That being said, the contentEditable + WYSIWYG option is probably more user friendly, and simpler, IMHO.
I believe it's only possible by using some div or other styleable html element instead of your textarea. With Javascript you would then add the functionality of the textarea.
How about you use some formatting system like this here on SO? It is much more elegant in my opinion, than pseudo WYSIWYG.
Replace the textarea with an div and enable the designmode.
Or you can use the jquery plugin http://plugins.jquery.com/project/designMode
Related
I have in my page a textarea input box in which users can put some html code. I would like to provide them of some hints in case their html is not syntactically correct. For example a red circle in correspondence of the incriminated row, a tooltip showing a message, or just another color for the not closed tag.
Searching on the internet I found some useful tools, but most of them are for nodejs, like this one http://htmlhint.com/ , which would be exactly what I want if I could use it on my page.
You can use ace editor (https://ace.c9.io/) or codemirror (https://codemirror.net/) textarea replacements to accomplish what you want. htmlhint also uses ace editor.
What is the most secure way to save data from a textarea that contains a <pre><code> text in it? , using strip_tags will remove all the tags from the text..
is it save to use this:
strip_tags($input, '<pre><code><other accepted tags except script,php,...');
or should I do other things too?
What is the most secure way to save data from a textarea that contains a <pre><code> text in it?
Save it as it is.
When you take that data back out of the database and put it into a web page, call htmlspecialchars on it first to escape it so that it looks like normal text on the page.
If you want the user to be able to input actual markup, but you only want to allow certain tags, then you've got a different problem and you want something like htmlpurifier.
Either way, the input or database layer is not the right place to be worrying about output formatting concerns.
If you are saving the contents of the text area to mysql database you should use mysqli_escape_string. before saving the data.
Also you can remove javascript tags from the posted data using regular expression. e.g preg_replace
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
PHP: Truncate HTML, ignoring tags
I have html data saved in db. I want to display html as shortened..
I try to use mb_strstr function like this;
$str = mb_strstr($this->htmlData, "</p>",true);
echo $str."</p>";
It echos the first paragraph of the html. But the problem is html is filled in admin panel and sometimes first paragraph is not have enough text.
I also dont want to use fixed character position with substr because sometimes let say 200 character can be a html tag so it produces invalid format html formatted output.
So I want to learn best practice for this kind of problem.
Thank you.
Add some custom tag or code into your WYSIWYG editor (example: <separator> or ...). You could use it to separate introduction part from the rest of the article. That will help you avoid mess with PHP tags being unclosed in introduction part. Also it gives author option to decide manually which part of text would be good for introduction.
Another wise think that can be done would be to make a separate field in the database for introduction part. Yes, it would cost more memory but it would give an option to author to write juicy introduction text to have more people open full article...
I'm creating my own blog in PHP and want to know your opinions on how I should format my post content.
Currently I store the post content as just plain text, call it when necessary, then wrap each line with P tags. I did this in case I wanted to change the way I formatted my text in the future and it would save me the dilema of having to remove all P tags from the posts in the DB.
Now the problem I have this this method is that if I want to add extra formatting in, e.g. lists etc those would also be wrapped with P tags which is not correct.
How would you do this, would you store text as plain text in the DB, or would you add the HTML formatting and store that in the DB to?
I'd prefer not to store unnessary HTML in the DB, but not sure of a way around it?
I think the best way would be to keep the html in the db. You would have too much to work with parsing the text if you don't use html.
See how it's done in other blog tools. I know that Joomla, for example, keeps all html in the db. I know Joomla isn't blog tool :) but still...
Wordpress stores html in the db. You say you are concerned about storing 'unnecessary' html in the db. What makes it unnecessary? I think it is the opposite. You may have headings or bold or italic text in your post. If storing as plain text, how do you save this formatting? How are you saving the lists you mentioned?
I see it as a better practice to store raw user input in the database, and format it on output, caching the result if it is needed. That way you can change the way you are parsing things easily without having to regex-replace anything inside the database. You can also store the raw input in one column, and the formatted HTML in another one.
I assume that you are formatting your raw text with the Markdown or the Textile syntax?
If you store HTML in your DB, you will be just a few clicks away from your current situation:
you can use strip_tags() to remove HTML formating and in case of bigger changes, you can run HTML Tidy on your code to remap tags and classes.
Hey guys Im building a web-app where users can login and post/read articles and comment and things.
Im giving them a form to post an article where they provide its title, description and text.
leaving the validations and sql injections aside (already done that), I need help with displaying the article stored in MySQL database as TEXT.
Im taking the article text from a textarea, and displaying it in a p tag but then obviously it skips the new line characters entered by the users, but the pre tag makes it ugly by giving a wide scrollable display.I want to know which tag is appropriate to be used for this purpose? or is even taking an article through textarea correct?
Im a learner and am building such a webapp with articles and comments sections for the first time, so any suggestions are most welcome. Thank you in advanced.
My recommendation would be of two choices:
1. Use Plain Text:
If you want that user can not put any HTML in the contents, show a simple HTML Textarea input to user, then when the user enters a new line (Enter key) it would be \n in your database. When you want to print the article just use nl2br($article_contents); and it will convert the new lines (\n) into HTML line breaks.
2. Rich Text:
If you want users to put HTML contents in article then it would be easy if you use any Text Editors like TinyMCE. TinyMCE will make it easy for your users to do simple HTML Formatting like headings, bold, italic, paragraph alignments, color, add images. Then in the PHP side use strip_tags function to allow only the certain tags so the user could not insert any malicious code like XSS injections into HTML contents. For example:
strip_tags($article_contents, "<u><b><i><font><span><p>");
Proposed Answer:
Use <span></span>
Tags like <p></p><div></div> take up as much space as they can, while <span></span> takes up as little as it can to hold whatever is inside it, so it might be more suitable for you.
Let me know if that worked for you.
In PHP you can use function nl2br that changes all newline characters to BR HTML tag. http://php.net/nl2br