 |
 |
 |
 |
|
|
Date: 07/19/01
- Next message: Richard Archer: "[phplib] form and template question"
- Previous message: Dmitry Tsitelov: "Re: [phplib] ">" in frozen textarea box"
- In reply to: Dmitry Tsitelov: "Re: [phplib] ">" in frozen textarea box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Thanks, htmlspecialchars() works like a charm. I also noticed that in the
current version of PHPLIB, htmlspecialchars() is already applied to the
value in self_get() of of_textarea class. Is there any reason why it
shouldn't be also applied to the value in self_get_frozen() ? Perhaps this
is something that could be incorporated in the next (upcoming ?) release of
PHPLIB ?
M.
On Thu, 19 Jul 2001, Dmitry Tsitelov wrote:
> On Thu, Jul 19, 2001 at 08:00:03PM +0100, Dima Nemchenko wrote:
> > Mikhail Avrekh wrote:
> >
> > > This is perhaps marginally related to PHPLIB, but I hope someone on this
> > > list have had some experience with a similar problem.
> > >
> > > I have a bunch of forms using the oohforms class. One of the forms is full
> > > of <textarea> elements, into which a user may paste potentially huge
> > > blocks of text to save in the database. I also need to display this form
> > > with the saved text either in an updateable format or in a read-only
> > > ("frozen") format depending on the privs etc.
> > >
> > > The problem is with the "frozen" form. If a user enters something like
> > > "a > b" into the box, this completely screws up the read-only form. The
> > > HTML then looks roughly like this:
> > >
> > > <hidden name=myverylongvar value='blahblahblah forever a > b more blah'>
> > > <table border=1><tr><td>
> > > blahblahblah forever a > b more blah
> > > </td></tr></table>
> > >
> > > ...which seems fine, except the browser appears to treat that ">" as a
> > > closing tag, so " b more blah", which can be quite long, pops up in plain
> > > text directly above the box with the text. The user freaks out. The
> > > developer doesn't know how to escape that ">". Any suggestions ?
> > >
> > > Thanks !
> > >
> > > M.
> > >
> > > --
> > > Abbestellen mit Mail an: phplib-unsubscribe <email protected>
> > > Kommandoliste mit Mail an: phplib-help <email protected>
> >
> > Hi Mikkhail,
> >
> > No experience with oohforms, so this might not be of any help at all! :)
> >
> > ereg_replace('>','>',$user_string) before you assign it to the form? But
> > then that wouldn't show up right in the TEXTAREA itself...
> >
> > Anybody else?
>
> I think that something like
>
> $user_string = htmlspecialchars($user_string)
>
> whould be much more appropriate.
>
> --
> Dmitry Tsitelov
> mailto:cit <email protected>
>
>
> --
> Abbestellen mit Mail an: phplib-unsubscribe <email protected>
> Kommandoliste mit Mail an: phplib-help <email protected>
>
>
-- Abbestellen mit Mail an: phplib-unsubscribe <email protected> Kommandoliste mit Mail an: phplib-help <email protected>
- Next message: Richard Archer: "[phplib] form and template question"
- Previous message: Dmitry Tsitelov: "Re: [phplib] ">" in frozen textarea box"
- In reply to: Dmitry Tsitelov: "Re: [phplib] ">" in frozen textarea box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]