How can I render user entered HTML without messing up my own page...

Discussion in 'HTML' started by Alex Paransky, Jul 2, 2003.

  1. I have a case where user can enter some HTML code which is then stored
    in the database. When I render the page with user's HTML any mistakes
    made by the user might affect the layout of my page. For example, if
    the user started a <table> tag, but did not finish it with a </table>
    tag. This definitely breaks my own layout.

    What I want to do is somehow render the user's HTML (not in a popup)
    without affecting my own HTML. I want to "SCOPE" user's HTML to a
    particular area on the page.

    Is there a way to do this with Java or JavaScript?

    Thanks.
    -AP_
     
    Alex Paransky, Jul 2, 2003
    #1

  2. Just a quick thought ....

    When your user submits the HTML why not display it in a popup window and ask
    them if they are sure this is correct? If so then squirrel it away in your
    DB and display as intended next time.

    Not sure how to do this in JS but could you search for open tags ( <?? ) and
    then once found get the closing ones - messy but it would catch any
    problems.

    HTH

    Chris
     
    Chris Leonard, Jul 2, 2003
    #2

  3. Alex Paransky writes:
    > I have a case where user can enter some HTML code which is then stored
    > in the database. When I render the page with user's HTML any mistakes
    > made by the user might affect the layout of my page. For example, if
    > the user started a <table> tag, but did not finish it with a </table>
    > tag. This definitely breaks my own layout.
    >
    > What I want to do is somehow render the user's HTML (not in a popup)
    > without affecting my own HTML. I want to "SCOPE" user's HTML to a
    > particular area on the page.
    >
    > Is there a way to do this with Java or JavaScript?


    You could use IFRAME or OBJECT to keep the HTML in one place, though
    there are accessibility and usability problems with that, and it may not
    look much like you want either.

    Perhaps a better solution would be to pass the HTML code through HTML
    Tidy server-side, and then insert that into the database. Valid code
    will be fine, invalid code will be fixed, though perhaps not in the
    way that was intended. The suggestion made elsewhere of displaying a
    preview is probably a good idea - preview post-tidy so they can fix
    errors caused by tidy making the wrong guess about where to close the
    tags.

    --
    Chris
     
    Chris Morris, Jul 3, 2003
    #3
  4. Alex Paransky wrote:

    > I have a case where user can enter some HTML code which is then stored
    > in the database. When I render the page with user's HTML any mistakes
    > made by the user might affect the layout of my page. For example, if
    > the user started a <table> tag, but did not finish it with a </table>
    > tag. This definitely breaks my own layout.


    This can be broken down into two issues, and should be handled on the
    server by whatever process is putting the HTML in the database.

    (1) Ensuring that user-entered HTML is valid and well formed

    This is probably best done by running submitted data through a validator and
    if any problems are found displaying an error message to them and asking
    for it to be edited.

    (2) Ensuring that the user can't muck anything up

    This is usually best done with a whitelist of tags and attributes. Any HTML
    used that isn't in the list gets either silently stripped or returned to the
    user with an error.

    The whitelist would probably include tags such as <p>, but not <script> and
    attributes such as lang, but not style.

    Another option is to ban HTML entirely and use something like textile:
    http://textism.com/tools/textile/

    --
    David Dorward http://david.us-lot.org/
    Redesign in progress: http://stone.thecoreworlds.net/
    Microsoft announces IE is dead (so upgrade):
    http://minutillo.com/steve/weblog/2003/5/30/microsoft-announces-ie-is-dead
     
    David Dorward, Jul 3, 2003
    #4
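
The tag-and-attribute whitelist described in post #4, which also closes any tag the user left open (the unclosed `<table>` case from the first post), as an added example that is not part of the original thread. It is Python using the standard-library `html.parser`; the policy in `ALLOWED`, the `sanitize` name and the choice to strip silently rather than return an error are assumptions of this example.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: tag -> attributes permitted on it.
ALLOWED = {t: set() for t in "b i em strong ul ol li br table tr td th".split()}
ALLOWED["p"] = {"lang"}
VOID = {"br"}                       # elements that never take a closing tag
DROP_CONTENT = {"script", "style"}  # their text content is discarded too

class WhitelistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []       # sanitized output fragments
        self.stack = []     # whitelisted tags currently open
        self.dropping = 0   # depth inside DROP_CONTENT elements

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.dropping += 1
        if self.dropping or tag not in ALLOWED:
            return          # silently strip tags that are not whitelisted
        kept = "".join(f' {k}="{escape(v or "", quote=True)}"'
                       for k, v in attrs if k in ALLOWED[tag])
        self.out.append(f"<{tag}{kept}>")
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.dropping = max(0, self.dropping - 1)
            return
        if self.dropping or tag not in self.stack:
            return          # stray or non-whitelisted closing tag: ignore
        while self.stack:   # close anything left open inside this element
            t = self.stack.pop()
            self.out.append(f"</{t}>")
            if t == tag:
                break

    def handle_data(self, data):
        if not self.dropping:
            self.out.append(escape(data, quote=False))  # text is re-escaped

def sanitize(fragment):
    s = WhitelistSanitizer()
    s.feed(fragment)
    s.close()               # flush buffered text
    tail = "".join(f"</{t}>" for t in reversed(s.stack))  # close leftovers
    return "".join(s.out) + tail
```

Because every closing tag is emitted from the sanitizer's own stack, the stored fragment is always balanced and cannot close an element belonging to the surrounding page.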
  5. Jerry Muelver, Jul 4, 2003
    #5
  6. How can I get SMTP for my server
     
    harrison_ford, Feb 23, 2008
    #6
