2

I'm using an HTML form's TEXTAREA field that will contain text, and it may itself contain some HTML tags. I have read here that this should be managed using the htmlspecialchars function; however, this will show the HTML tags in a way that will make it quite difficult to allow easy editing of the HTML code in the form's TEXTAREA. What is the safer, easier way to achieve this, ensuring that quotes and "dirty" HTML code will not spoil the form?

1 Answer

3

The usual workflow:

  1. Provide a JavaScript rich-text editor for your users such as TinyMCE: http://tinymce.moxiecode.com/
  2. Grab the source generated by the RTE and filter it through HTML Purifier before saving to the database.
  3. Escape the existing HTML: <div id="myHtml" style="display: none"><?php echo htmlentities($html); ?></div>
  4. Re-populate the RTE via JavaScript - in the case of TinyMCE as follows: tinyMCE.activeEditor.setContent($('#myHtml').html());

You can also load the HTML content via AJAX.


1 Comment

Man, this is awesome! Will certainly follow your advice. Thanks!
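
Steps 2 and 3 of the answer above, seen from the server side, as an added example that is not part of the original answer: the submitted markup is filtered through HTML Purifier before storage and escaped when it is written back into the page. It assumes HTML Purifier is installed via Composer (`ezyang/htmlpurifier`); the allow-list, the function names and the sample input are constructed for illustration.

```php
<?php
// Added example, not the answerer's code. Assumes HTML Purifier was installed
// with Composer (package ezyang/htmlpurifier); the allow-list is an assumption.
require_once __DIR__ . '/vendor/autoload.php';

// Step 2: filter what the editor submitted, on the server, before saving.
// The rich-text editor runs in the browser, so its output is untrusted input.
function purify_submitted_html(string $dirty): string
{
    $config = HTMLPurifier_Config::createDefault();
    // Only these elements and attributes survive; everything else is dropped.
    $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,a[href]');
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    $config->set('Cache.DefinitionImpl', null); // no writable cache directory needed
    return (new HTMLPurifier($config))->purify($dirty);
}

// Step 3: escape the stored HTML so it is inert text inside the page.
// ENT_QUOTES also covers single quotes, which matters in attribute contexts.
function escape_for_page(string $html): string
{
    return htmlspecialchars($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submission: an event handler, a stray closing tag that
// would end a textarea early, a script element and a javascript: link.
$submitted = '<p onclick="alert(1)">Hello <strong>world</strong></p>'
           . '</textarea><script>alert(2)</script>'
           . '<a href="javascript:alert(3)">link</a>';

$stored = purify_submitted_html($submitted); // this value goes to the database
?>
<!-- Hidden holder from step 3: the markup is present only as escaped text. -->
<div id="myHtml" style="display: none"><?php echo escape_for_page($stored); ?></div>

<!-- Plain TEXTAREA fallback: the browser decodes the entities for display,
     so the user edits ordinary tags while the form markup stays intact. -->
<textarea name="body" rows="10" cols="60"><?php echo escape_for_page($stored); ?></textarea>
```

Purifying on save and escaping on output are separate controls: the first limits what is stored, the second keeps stored markup from closing the TEXTAREA or the surrounding tags when the form is rendered again.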
