Have you done some testing with NOT converting the HTML within the
textarea with htmlspecialchars() -- does it work for all cases where a
does not exist?
If so, then consider NOT doing it, and instead solving the problem of a
within the textarea. possible solutions may include:
1. not allow
CPT John W. Holmes wrote:
> Try this:
>
> This is text
>
> If you submit that "text" and then print $_REQUEST['text'], you'll see that
> you have
>
> This is text
Ok, but that only makes me realize the further extent of the problem.
If the HTML file that they upload has '&lt;' or '
Hello-
I'm working on a site where users have the option to type HTML code into
a textarea, or upload HTML code from a local file which is then
displayed in the text area.
The obvious problem is that an uploaded file that contains a closing tag
for a textarea can wreak havoc and eat up the rest
From: "Thaddeus J. Quintin" <[EMAIL PROTECTED]>
> If the HTML file that they upload has '&lt;' or '&gt;' entities, then
> these characters will be displayed in the text area as '<' and '>'
> symbols. So when the text is submitted from the textarea, all of the
> user's HTML entities will have been dest
Hi,
Saturday, August 9, 2003, 1:57:04 AM, you wrote:
TJQ> CPT John W. Holmes wrote:
TJQ>
TJQ> > Try this:
TJQ> >
TJQ> > This is text
TJQ> >
TJQ> > If you submit that "text" and then print $_REQUEST['text'], you'll see that
TJQ> > you have
TJQ> >
TJQ> > This is text
TJQ>
You're safe because when you apply htmlentities() these will be doubly
marked up. So if the file contains "&amp;" then the browser will receive
"&amp;amp;".
HTH,
Rob.
On Fri, 2003-08-08 at 11:57, Thaddeus J. Quintin wrote:
> CPT John W. Holmes wrote:
>
> > Try this:
> >
> > This is text
>
From: "Thaddeus J. Quintin" <[EMAIL PROTECTED]>
> I'm working on a site where users have the option to type HTML code into
> a textarea, or upload HTML code from a local file which is then
> displayed in the text area.
>
> The obvious problem is that an uploaded file that contains a closing tag
> f
Thaddeus J. Quintin wrote:
CPT John W. Holmes wrote:
> Try this:
>
> This is text
>
> If you submit that "text" and then print $_REQUEST['text'], you'll see that
> you have
>
> This is text
Ok, but that only makes me realize the further extent of the problem.
If the HTM
Thanks everybody!
Looks like I was just thinking about the problem too hard.
Thaddeus
John W. Holmes wrote:
Thaddeus J. Quintin wrote:
CPT John W. Holmes wrote:
> Try this:
>
> This is text
>
> If you submit that "text" and then print $_REQUEST['text'], you'll see that
> you
9 matches