
text editor inside a form textarea ?

I want a text editor inside a form's textarea,

So I would see html markup and html entities - just like a text editor.
I also would want to be able to edit it all just like a text editor -
this is done in phpMyAdmin for example...is there an easy way to do this?

In a way I'm asking the browser to suspend rendering markup.
Jul 17 '05 #1


euh...
echo "<textarea name='field1'>$yourfield</textarea>";

??

Rod

"Hal Halloway" <Ha******@nospam.net> wrote in message news:zvCLd.1479$Kj4.1311@trnddc09...
> I want a text editor inside a form's textarea,
>
> So I would see html markup and html entities - just like a text editor. I
> also would want to be able to edit it all just like a text editor - this
> is done in phpMyAdmin for example...is there an easy way to do this?
>
> In a way I'm asking the browser to suspend rendering markup.

Jul 17 '05 #2

In article <41***********************@news.club-internet.fr>,
"WebRod" <no****@bouygtel.fr> wrote:
> euh...
> echo "<textarea name='field1'>$yourfield</textarea>";
>
> ??
>
> Rod
>
> "Hal Halloway" <Ha******@nospam.net> wrote in message news:zvCLd.1479$Kj4.1311@trnddc09...
>> I want a text editor inside a form's textarea,
>>
>> So I would see html markup and html entities - just like a text editor. I
>> also would want to be able to edit it all just like a text editor - this
>> is done in phpMyAdmin for example...is there an easy way to do this?
>>
>> In a way I'm asking the browser to suspend rendering markup.


I've seen such things but they're written in JavaScript and only work on
IE:

http://sniptools.com/dhtml_editor.php

--
DeeDee, don't press that button! DeeDee! NO! Dee...

Jul 17 '05 #3

Hal Halloway wrote:
> I want a text editor inside a form's textarea,
>
> So I would see html markup and html entities - just like a text editor.
> I also would want to be able to edit it all just like a text editor -
> this is done in phpMyAdmin for example...is there an easy way to do this?
>
> In a way I'm asking the browser to suspend rendering markup.


I think this is what you are after:
<textarea><?php echo htmlentities($the_code_string) ?></textarea>

That way, all HTML code will not be rendered (because "<" is replaced
with "&lt;" etc.), but it will show up as if you were viewing the source
of the document...

If that's not what you are after, take a look at this:
http://www.koivi.com/WYSIWYG-Editor/
Jul 17 '05 #4

> I think this is what you are after:
> <textarea><?php echo htmlentities($the_code_string) ?></textarea>
>
> That way, all HTML code will not be rendered (because "<" is replaced with
> "&lt;" etc.), but it will show up as if you were viewing the source of the
> document...


Actually you don't need to use htmlentities.
Because it is already in <textarea></textarea> it works fine!
So:
<textarea><?php echo $the_code_string ?></textarea>
OR
<?php echo htmlentities($the_code_string) ?>
But no need of:
<textarea><?php echo htmlentities($the_code_string) ?></textarea>

Rod


Jul 17 '05 #5

WebRod <no****@bouygtel.fr> wrote:
> Actually you don't need to use htmlentities.
> Because it is already in <textarea></textarea> it works fine!
> So:
> <textarea><?php echo $the_code_string ?></textarea>
> OR
> <?php echo htmlentities($the_code_string) ?>
> But no need of:
> <textarea><?php echo htmlentities($the_code_string) ?></textarea>


So what will happen if $the_code_string just happens to have the string
"</textarea>" in it?

Not escaping is the first step towards XSS.

Jul 17 '05 #6

Sorry if this posts twice, but it didn't show up through my reader, so
I had to use GG...
Unless you have another textarea in it....

<?php
$string='<b>This</b> has a textarea: <textarea></textarea> This is bad for the page.';
?>
<textarea><?php echo $string ?></textarea>

Also, I think that if you don't use htmlentities it won't validate via
W3C.

Jul 17 '05 #7

WebRod wrote:
>> I think this is what you are after:
>> <textarea><?php echo htmlentities($the_code_string) ?></textarea>
>>
>> That way, all HTML code will not be rendered (because "<" is replaced with
>> "&lt;" etc.), but it will show up as if you were viewing the source of the
>> document...
>
> Actually you don't need to use htmlentities.
> Because it is already in <textarea></textarea> it works fine!
> So:
> <textarea><?php echo $the_code_string ?></textarea>
> OR
> <?php echo htmlentities($the_code_string) ?>
> But no need of:
> <textarea><?php echo htmlentities($the_code_string) ?></textarea>


Never omit htmlentities when outputting untrusted content to your pages.
It doesn't matter where you place it, it can be harmful even inside an
HTML comment.
Jul 17 '05 #8

> Never omit htmlentities when outputting untrusted content to your pages.
> It doesn't matter where you place it, it can be harmful even inside an
> HTML comment.


Yes, you're perfectly right!!
I was thinking only about "format" tags like <h1>, <font> etc etc.

But you're right, it's always better to use htmlentities!!
I apologize for my wrong answer :(

Rod
Jul 17 '05 #9

This works OK and is XSS-safe:

<textarea><?php echo htmlspecialchars($string); ?></textarea>

Or, if you want characters to be shown as they were typed even when the
browser, unable to represent them in the document charset, has encoded
them into &#nnn; form:

<textarea><?php echo preg_replace('/&amp;(#\d{1,5}|[a-z]{1,10});/i',
'&\1;', htmlspecialchars($string)); ?></textarea>

Both examples work fine in IE and Mozilla Firefox. The second example will
cause some problems with Opera versions before 7.5, and there it'll be
hard to use &#-encodings for characters outside the document's charset.

Jul 17 '05 #10
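
Added example, not part of any post in this thread: the unescaped and escaped textarea output discussed above, run side by side on one stored string. `render_textarea()`, `shown_in_box()` and the sample value are hypothetical names and constructed data; `shown_in_box()` only approximates the browser by decoding character references in the element's content.

```php
<?php
// Added example, not code from the thread. render_textarea() is a
// hypothetical helper and $stored is a constructed sample value.

function render_textarea(string $name, string $value): string
{
    // ENT_QUOTES escapes both quote styles (needed for the attribute);
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<textarea name="' . htmlspecialchars($name, $flags, 'UTF-8') . '">'
         . htmlspecialchars($value, $flags, 'UTF-8')
         . '</textarea>';
}

// Approximation of what the browser puts in the edit box: the element's
// content with character references decoded (tags inside a textarea are
// not parsed, but the first closing tag ends the element).
function shown_in_box(string $html): string
{
    $start = strpos($html, '>') + 1;
    $end   = strpos($html, '</textarea>');
    return html_entity_decode(substr($html, $start, $end - $start),
                              ENT_QUOTES, 'UTF-8');
}

// Constructed sample: markup, a literal entity, and a closing textarea tag.
$stored = "<b>bold</b> 5 &lt; 6 </textarea><h1>outside the box</h1>";

$raw  = '<textarea name="body">' . $stored . '</textarea>';  // unescaped
$safe = render_textarea('body', $stored);

foreach (['unescaped' => $raw, 'escaped' => $safe] as $label => $html) {
    printf("%-9s closing tags: %d, round trip intact: %s\n",
        $label,
        substr_count($html, '</textarea>'),
        shown_in_box($html) === $stored ? 'yes' : 'no');
}
```

The unescaped variant fails in two ways: the stored `</textarea>` ends the element early so the rest is parsed as page markup, and the literal `&lt;` is decoded in the edit box, so saving the form would silently change the stored text.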
