
Allow HTML to be entered in text area

So I don't know if I'm looking for the wrong thing on Google or Stackoverflow, but I want to achieve this:

There is a text-area in a form and I want the user to be able to enter HTML tags.

So the user would enter this in to the text area:

<html>
<p>Hello World</p>
</html>

This is then submitted by AJAX and JavaScript to the database, however it seems to get rid of the tags.

What I'm wanting is to keep the tags when the data is returned, however not actually affect the other data in the text area. So for example, if I were to echo out the content of the text area it would echo out:

<html>
<p>Hello World</p>
</html>

as plain text.

Okay, I have gone down the route of using htmlspecialchars, which does what I wanted, as it displays the tags as plain text. However, I would like some tags to still be executed, such as the bold tag. How would I combine htmlspecialchars and striptags to allow tags to be displayed as plain text but also allow the tags specified in the striptags to be executed?

There is nothing you need (or can) do to allow users to enter HTML tags. The reason is that the input is read as plain text anyway, so any < character is taken just as-is. So if the user types <a>, these three characters get inserted into the form data.

What you do with the data then, server-side or otherwise, may or may not handle HTML tags. It's all up to your code. If you simply echo everything as such on a generated HTML page, then HTML markup will have the usual effect. If you wish to render it as text, as visible tags, then simply encode any & as &amp; and any < as &lt;.

You don't need to do anything; as long as you don't filter the text the user submits, it happens automatically.

NB If you want to echo the entered HTML back to users, be very aware of potential malicious code in the entered HTML. This security issue is known as Cross-site scripting (or XSS).

In other words: never trust the entered code
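The approach the question asks about (escape everything, then let only a few tags such as bold through) and the encoding the answer describes, as an added example that is not code from the question or the answers. It is plain Node/browser JavaScript; the function names and the default allowlist are assumptions, and the sample input is constructed.

```javascript
// Added example (not from the original question or answers): escape all HTML
// so the user's tags render as visible text, then re-enable only an allowlist
// of bare formatting tags. The order matters: applying an allowlist *before*
// escaping (strip_tags-style) would keep tag attributes, which is where event
// handlers live, so it would not prevent XSS on its own.

const ENTITY_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Equivalent of PHP htmlspecialchars(): every HTML-significant character
// becomes an entity, so the browser shows the tag text instead of parsing it.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITY_MAP[ch]);
}

// Re-enable only bare opening/closing tags named in `allowedTags` (no
// attributes). Because escaping already ran, a tag carrying attributes, e.g.
// <b onclick="...">, stays escaped: the regexes only match the exact escaped
// forms &lt;b&gt; and &lt;/b&gt;.
function renderWithAllowedTags(text, allowedTags = ['b', 'i', 'strong', 'em']) {
  let html = escapeHtml(text);
  for (const tag of allowedTags) {
    const open = new RegExp(`&lt;${tag}&gt;`, 'gi');
    const close = new RegExp(`&lt;/${tag}&gt;`, 'gi');
    html = html.replace(open, `<${tag}>`).replace(close, `</${tag}>`);
  }
  return html;
}

// Constructed sample of what a user might type into the textarea.
const sample = '<html>\n<p>Hello <b>World</b></p>\n</html>';
console.log(renderWithAllowedTags(sample));
// → &lt;html&gt;\n&lt;p&gt;Hello <b>World</b>&lt;/p&gt;\n&lt;/html&gt;
```

Everything outside the allowlist is shown literally, while the bold tag is rendered; if you need attributes (e.g. links with href), use a real HTML sanitizer rather than extending this regex approach.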

