开发者

handling WYSIWYG data in PHP

开发者 https://www.devze.com 2023-03-24 18:21 出处:网络
I need to use a wysiwyg editor for handling user input. How do you process this in php? If I retrieve the data and use htmlspecialchars then all the characters that were converted to special character
相关专题:htmlspecialcharsphpwysiwyg

I need to use a wysiwyg editor for handling user input.

How do you process this in php?

If I retrieve the data and use htmlspecialchars then all the characters that were converted to special characters by the wysiwyg editor will be messed up.

For example quote will be &quote;

When I use htmlspecialchars in php the & will be converted t开发者_如何学Co &

It will be an obvious problem. Any ideas?

Have you considered keeping a plain-text and an additional HTML record of whatever is being modified? You can display the plaintext and when you save it you could convert it to html also and save that in a seperate field?

If special chars are being converted to HTML though, wouldn't they still appear properly (to the user) when you are printing text out to editable form fields in html?

Let me know if I've misunderstood

Most editors (CKEditor, CLEditor and NicEdit to mention a few) supports two modes of input: Visual and direct input (usually called HTML mode).

When the user is entering text in visual mode, the editor takes care of converting html-like characters to the respective HTML entity while the user is typing his/her content. In this mode, the editor will typically add markup for the user (mostly paragraphs).

Direct input works like you'd expect from the name; The user is exposed to the HTML his or her content is made up of.

How you should handle the input data depends mostly on the users role.

If the user is trusted (i.e. an administrator for a company website), the user should be able to use both input modes.

If the user is untrusted (an anonymous user posting a comment on a blog post), the user should not be able to input (potentially malicious, think XSS) markup.

If your users needs some options for formatting their content, you should probably look into using another type of markup, e.g BBCode. This prevents the user from injecting any <script> tags into the content that might be shown to other users.

You will still need to strip any HTML tags from the user content though.

0

上一篇:

:下一篇

更多 问答 相关资讯:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

关注公众号

热门标签

图文推荐

Delphi - Custom drawing a message list

Delphi - Custom drawing a message list
C++ header-only include pattern

C++ header-only include pattern
IE7 Margin Collapses Into Padding

IE7 Margin Collapses Into Padding
in CoffeeScript, how can I use a variable as a key in a hash?

in CoffeeScript, how can I use a variable as a key in a hash?
Interactive visualization of a graph in python [closed]

Interactive visualization of a graph in python [closed]
How to customise PHP MYSQL tables?

How to customise PHP MYSQL tables?
High quality, simple random password generator

High quality, simple random password generator
Image Recognition ApI in android

Image Recognition ApI in android

开发者开发者网给大家分享系统运维,大数据运维,云计算,编程开发技巧,路由交换,运维和开发相关的资讯及技术文章,同时StackOverflow中文社区,知识经验交流分享。

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,如存在版权或非法内容,欢迎举报,我们将尽快予以删除。邮箱:devze@qq.com

Copyright © 2018-2020 开发者. All rights reserved. Powered by 开发者ICP备案号: 京ICP备10032868号-9