470,848 Members | 1,267 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 470,848 developers. It's quick & easy.

Quotes in HTML snippets

Hi group,

I've set up an agenda-like system where "admins" can enter upcoming
events, including a description of the event. This description can
include HTML formatting and is entered in a <textarea>.

The problem I'm facing is this: suppose an "admin" enters a description,
but one of the attributes of a HTML tag doesn't have a closing double
quote.
An example:

<div class="summarydiv>
Short admin-written summary of the event...
</div>

Now, they submit the event. The page that lists the events just picks
this description up from the database and puts it in a <ul> list. Of
course, the unmatched quote causes _all_ subsequent HTML code to be
considered part of the description, until by chance a next double quote
is encountered. You can imagine this gives horrible and unpredictable
results for the news page.

I'm thinking of a few possibilities to solve this:
* some sort of a regex check on the description, before it is submitted
to the DB
* simply counting the number of double quotes between < > delimiters,
the number should be even
* ...?

What do you experts think? Any suggestions?

Thanks in advance,
Wald
Jul 17 '05 #1
1 1771
wald wrote:
I've set up an agenda-like system where "admins" can enter upcoming
events, including a description of the event. This description can
include HTML formatting and is entered in a <textarea>.
OT: forget "HTML formatting" -- there's no such thing.
The problem I'm facing is this: suppose an "admin" enters a description,
but one of the attributes of a HTML tag doesn't have a closing double
quote.
[ ... ]
I'm thinking of a few possibilities to solve this:
* some sort of a regex check on the description, before it is submitted
to the DB
AIUI regular expressions alone can't accomplish that.
* simply counting the number of double quotes between < > delimiters,
the number should be even
No, that won't work either. There's no requirement in HTML for a
start-tag to contain an even number of double quotes.

[ ... ]
What do you experts think? Any suggestions?


I suggest you reconsider interpreting the data as HTML. What happens
when a naughty "admin" (I suppose the quotes are necessary) enters
<IMG src="http://domain.example/rudepic">?

If you insist though, consider using a parser to catch those syntax
errors; apparently HTML Tidy, http://www.w3.org/People/Raggett/tidy/ ,
can flag missing quote marks. Catching semantic mistakes might be
harder.

Have a great weekend sir!

--
Jock
Jul 17 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

6 posts views Thread by Cyrus D. | last post: by
8 posts views Thread by Christoph Zwerschke | last post: by
7 posts views Thread by duwayne | last post: by
4 posts views Thread by cjm | last post: by
7 posts views Thread by Tim Mulholland | last post: by
37 posts views Thread by Ian Rastall | last post: by
7 posts views Thread by skunkwerk | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.