javascript - Allow HTML to be entered in text area - Stack Overflow

admin管理员组

文章数量:1415673

So I don't know if I'm looking for the wrong thing on Google or Stackoverflow, but I want to achieve this-

There is a text-area in a form and I want the user to be able to enter HTML tags.

So the user would enter this in to the text area:

<html>
<p>Hello World</p>
</html>

This is then submitted by AJAX and JavaScript to the database however is seems to get rid of the tags.

What I'm wanting is to keep the tags when the data is returned, however not actually affect the other data in the text area. So example if I was to echo out the content of the text area it would echo out:

<html>
<p>Hello World</p>
</html>

as plain text.

Okay I have gone down the root of using htmlspecialchars, which does what I wanted, as it displays the tags as plain text. However I would like some tags to be executed sill such as the bold tag. How would I bine htmlspecialchars and striptags to allow tags to be displayed as plain text but also allow the tags specified in the striptags to be executed.

So I don't know if I'm looking for the wrong thing on Google or Stackoverflow, but I want to achieve this-

There is a text-area in a form and I want the user to be able to enter HTML tags.

So the user would enter this in to the text area:

<html>
<p>Hello World</p>
</html>

This is then submitted by AJAX and JavaScript to the database however is seems to get rid of the tags.

What I'm wanting is to keep the tags when the data is returned, however not actually affect the other data in the text area. So example if I was to echo out the content of the text area it would echo out:

<html>
<p>Hello World</p>
</html>

as plain text.

Okay I have gone down the root of using htmlspecialchars, which does what I wanted, as it displays the tags as plain text. However I would like some tags to be executed sill such as the bold tag. How would I bine htmlspecialchars and striptags to allow tags to be displayed as plain text but also allow the tags specified in the striptags to be executed.

• javascript
• php
• jquery
• html
• tags

Share Improve this question Follow edited Mar 16, 2014 at 15:18 James Dale asked Mar 16, 2014 at 14:22 James DaleJames Dale 12611 gold badge44 silver badges1111 bronze badges 3

• That markup is being actively removed by some software you're using; there's nothing special about HTML markup in <textarea> values. Browsers won't remove it automatically, but some well-intentioned but errant code in your JavaScript client-side stuff or on the server is. – Pointy Commented Mar 16, 2014 at 14:27
• try using console.log('textareadata') to see what's being submitted to the server. if it's the correct html then it's something on the server side which is stripping the tags. if not, it's something client side. – dewd Commented Mar 16, 2014 at 14:34
• I doubt something's removing the tags. You're probably just viewing it in an html context and the tags are beign rendered. Do a view source in your browser – Marc B Commented Mar 16, 2014 at 15:07

Add a ment  | 

3 Answers 3

Sorted by: Reset to default 3

There is nothing you need (or can) do to allow users to enter HTML tags. The reason is that the input is read as plain text anyway, so any < character is taken just as-is. So if the user types <a>, these three characters get inserted into the form data.

What you do with the data then, server-side or otherwise, may or may not handle HTML tags. It’s all up to your code. If you simply echo everything as such on a generated HTML page, then HTML markup will have the usual effect. If you wish to render it as text, as visible tags, then simply encode any & as & and any < as <.

You don't need to do anything, it automatically does as long as you dont filter the user submitted text.

N.B. If you want to echo the entered HTML back to users, be very aware of potential malicious code in the entered HTML. This security issue is known as Cross-site scripting (or XSS).

In other words: never trust the entered code

本文标签： javascriptAllow HTML to be entered in text areaStack Overflow