By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,751 Members | 1,216 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,751 IT Pros & Developers. It's quick & easy.

Quotes in HTML snippets

P: n/a
Hi group,

I've set up an agenda-like system where "admins" can enter upcoming
events, including a description of the event. This description can
include HTML formatting and is entered in a <textarea>.

The problem I'm facing is this: suppose an "admin" enters a description,
but one of the attributes of a HTML tag doesn't have a closing double
quote.
An example:

<div class="summarydiv>
Short admin-written summary of the event...
</div>

Now, they submit the event. The page that lists the events just picks
this description up from the database and puts it in a <ul> list. Of
course, the unmatched quote causes _all_ subsequent HTML code to be
considered part of the description, until by chance a next double quote
is encountered. You can imagine this gives horrible and unpredictable
results for the news page.

I'm thinking of a few possibilities to solve this:
* some sort of a regex check on the description, before it is submitted
to the DB
* simply counting the number of double quotes between < > delimiters,
the number should be even
* ...?

What do you experts think? Any suggestions?

Thanks in advance,
Wald
Jul 17 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
wald wrote:
I've set up an agenda-like system where "admins" can enter upcoming
events, including a description of the event. This description can
include HTML formatting and is entered in a <textarea>.
OT: forget "HTML formatting" -- there's no such thing.
The problem I'm facing is this: suppose an "admin" enters a description,
but one of the attributes of a HTML tag doesn't have a closing double
quote.
[ ... ]
I'm thinking of a few possibilities to solve this:
* some sort of a regex check on the description, before it is submitted
to the DB
AIUI regular expressions alone can't accomplish that.
* simply counting the number of double quotes between < > delimiters,
the number should be even
No, that won't work either. There's no requirement in HTML for a
start-tag to contain an even number of double quotes.

[ ... ]
What do you experts think? Any suggestions?


I suggest you reconsider interpreting the data as HTML. What happens
when a naughty "admin" (I suppose the quotes are necessary) enters
<IMG src="http://domain.example/rudepic">?

If you insist though, consider using a parser to catch those syntax
errors; apparently HTML Tidy, http://www.w3.org/People/Raggett/tidy/ ,
can flag missing quote marks. Catching semantic mistakes might be
harder.

Have a great weekend sir!

--
Jock
Jul 17 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.