PHP - 包含HTML的HTML表单TEXTAREA
问题描述:
I'm using a HTML form's TEXTAREA field that will contain text and it may can contain itself some HTML tags. I have read here that this should be managed using htmlspecialchars function, however this will show the HTML tags in a way it will be quite difficult to allow easy editing of the HTML code into the form TEXTAREA. What is the safer, easier way to achieve this, ensuring that quotes and "dirty" HTML code will not spoil the form?
我正在使用HTML表单的TEXTAREA字段,该字段将包含文本,并且它可能包含一些HTML标记。 nI 已在此处阅读,这应该使用htmlspecialchars函数进行管理,但是 这将以某种方式显示HTML标签,很难将HTML代码轻松编辑为TEXTAREA形式。 什么是更安全,更简单的方法来实现这一点,确保引号和“脏”HTML代码不会 破坏形式? p> div>
答
The usual workflow:
- Provide a Javascript rich-text editor for your users such as TinyMCE: http://tinymce.moxiecode.com/
- Grab the source generated by the RTE and filter it through HTML Purifier before saving to the database.
- Escape the existing HTML:
<div id="myHtml" style="display: none"><?php echo htmlentities($html); ?></div> - Re-populate the RTE via Javascript - in the case of TinyMCE as follows:
tinyMCE.activeEditor.setContent($('#myHtml').html());
You can also load the HTML content via AJAX.