using tinymce


vividona

Hi everybody,

 

I just used the TinyMCE editor, but when I sent my form it shows like this:

 

<p><span style="color: #0000ff;"><strong><span style="font-family: georgia,palatino;"><span style="font-size: small;">This is a test article useing tinymce</span></span></strong></span></p>

 

How can I show my text without these codes?

Link to comment
https://forums.phpfreaks.com/topic/165240-using-tinymce/

That is sort of a confusing question :)

 

Tinymce is used to add html markup... when the added content is displayed in a browser, the html should be parsed and you would only see the text formatted the way you wanted it to be.

 

Maybe a little more clarification is needed.

Link to comment
https://forums.phpfreaks.com/topic/165240-using-tinymce/#findComment-871381

I just added this code in my form and identified the true path to tinymce

 

<!-- tinyMCE --> 
<script language="javascript" type="text/javascript" src="tinymce/jscripts/tiny_mce/tiny_mce.js"></script> 
<script language="javascript" type="text/javascript"> 
    tinyMCE.init({ 
        mode : "textareas", 
        theme : "advanced", 
        plugins : "safari,spellchecker,style,layer,table,save,advhr,advimage,advlink,emotions,iespell,inlinepopups,insertdatetime,preview,media,searchreplace,print,contextmenu,paste,directionality,fullscreen,noneditable,visualchars,nonbreaking,xhtmlxtras,template,pagebreak,imagemanager,filemanager", 
        theme_advanced_buttons1_add_before : "save,newdocument,separator", 
        theme_advanced_buttons1_add : "fontselect,fontsizeselect", 
        theme_advanced_buttons2_add : "separator,insertdate,inserttime,preview,separator,forecolor,backcolor", 
        theme_advanced_buttons2_add_before: "cut,copy,paste,pastetext,pasteword,separator,search,replace,separator", 
        theme_advanced_buttons3_add_before : "tablecontrols,separator", 
        theme_advanced_buttons3_add : "emotions,iespell,media,advhr,separator,print,separator,ltr,rtl,separator,fullscreen", 
        theme_advanced_buttons4 : "insertlayer,moveforward,movebackward,absolute,|,styleprops,|,spellchecker,cite,abbr,acronym,del,ins,attribs,|,visualchars,nonbreaking,template,blockquote,pagebreak,|,insertfile,insertimage", 
        theme_advanced_toolbar_location : "top", 
        theme_advanced_toolbar_align : "left", 
        theme_advanced_statusbar_location : "bottom", 
        content_css : "/example_data/example_full.css", 
        plugin_insertdate_dateFormat : "%Y-%m-%d", 
        plugin_insertdate_timeFormat : "%H:%M:%S", 
        external_link_list_url : "example_data/example_link_list.js", 
        external_image_list_url : "example_data/example_image_list.js", 
        flash_external_list_url : "example_data/example_flash_list.js", 
        template_external_list_url : "example_data/example_template_list.js", 
        theme_advanced_resize_horizontal : false, 
        theme_advanced_resizing : true, 
        apply_source_formatting : true, 
        spellchecker_languages : "+English=en,Danish=da,Dutch=nl,Finnish=fi,French=fr,German=de,Italian=it,Polish=pl,Portuguese=pt,Spanish=es,Swedish=sv" 
    }); 
</script> 
<!-- /tinyMCE -->

 

Please inform me if I missed something.

Link to comment
https://forums.phpfreaks.com/topic/165240-using-tinymce/#findComment-871385

Those "codes" are necessary to display the text as formatted by the user using TinyMCE - that is what it does. If you do not want to show the text with any formatting then don't use TinyMCE.

 

However, if you need to repurpose the user text for both formatted and nonformatted purposes, you could simply use the PHP function strip_tags().

 

http://us.php.net/strip_tags

Link to comment
https://forums.phpfreaks.com/topic/165240-using-tinymce/#findComment-871390

OK, now I removed htmlspecialchars(), but is there any security issue that may happen if I use HTML codes?

Link to comment
https://forums.phpfreaks.com/topic/165240-using-tinymce/#findComment-871400

There is of course a security issue when it comes to users submitting their own HTML etc.

 

1: How can you be sure that they won't enter JavaScript and have it execute? What if a user submits:

 

<script>
var i = 0;
while(i < 1000){
   alert(document.cookie);
   i++;
}
</script>

 

An alert box will pop up 1000 times before the user can do anything.

 

If you trust your user (client's CMS etc), then allow them. If you don't, there are ways to limit the user and even add bbcode.

Link to comment
https://forums.phpfreaks.com/topic/165240-using-tinymce/#findComment-871442

Thank you, waynewex.

But how can I avoid JavaScript and at the same time use TinyMCE?

Link to comment
https://forums.phpfreaks.com/topic/165240-using-tinymce/#findComment-871453

Archived

This topic is now archived and is closed to further replies.
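
Added example, not part of the original thread or of TinyMCE: one way to answer the closing question is to filter the submitted HTML on the server against an allowlist before storing or displaying it, and to use strip_tags() only where a plain-text copy is needed. The function names, the allowlist and the sample input are assumptions made for illustration; it needs PHP 7.1+ with the DOM extension.

```php
<?php
// Added example: allowlist filter for TinyMCE-submitted HTML (names and lists are assumptions).
const ALLOWED_TAGS = [                       // tag => attributes allowed to stay
    'p' => [], 'br' => [], 'strong' => [], 'em' => [], 'ul' => [], 'ol' => [],
    'li' => [], 'span' => ['style'], 'a' => ['href'],
];
const SAFE_DECL = '/^\s*(color|font-family|font-size|text-align)\s*:\s*[#\w ,.%\-]+\s*$/i';
const SAFE_HREF = '#^(https?://|mailto:)#i';

function clean_children(DOMNode $parent): void
{
    foreach (iterator_to_array($parent->childNodes) as $node) {
        if ($node instanceof DOMText) { continue; }   // text is re-escaped by saveHTML()
        $tag = strtolower($node->nodeName);
        if (!$node instanceof DOMElement || !array_key_exists($tag, ALLOWED_TAGS)) {
            $parent->removeChild($node);     // script, iframe, comments: dropped with content
            continue;
        }
        foreach (iterator_to_array($node->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            $keep = in_array($name, ALLOWED_TAGS[$tag], true);  // on* handlers are never listed
            if ($keep && $name === 'href') {
                $keep = preg_match(SAFE_HREF, $attr->value) === 1;
            } elseif ($keep && $name === 'style') {
                $safe = preg_grep(SAFE_DECL, explode(';', $attr->value));
                $attr->value = implode(';', array_map('trim', $safe));
                $keep = $safe !== [];
            }
            if (!$keep) { $node->removeAttributeNode($attr); }
        }
        clean_children($node);
    }
}

function sanitize_html(string $html): string
{
    libxml_use_internal_errors(true);        // submitted markup is rarely valid HTML
    $doc = new DOMDocument();
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NONET);
    $root = $doc->getElementsByTagName('div')->item(0);   // the wrapper added above
    clean_children($root);
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($root->childNodes)));
}

// Constructed input: TinyMCE-style markup plus the script from the thread.
$posted = '<p><span style="color: #0000ff; background: url(x)" onclick="x()">'
    . '<strong>Test</strong></span></p><script>alert(document.cookie);</script>';
echo sanitize_html($posted), "\n";           // for display as formatted HTML
echo strip_tags($posted), "\n";              // plain text; keeps the text between tags
```

The filter has to run on the server, because the TinyMCE settings in the page only shape what the editor produces and do not constrain what a client can post to the form.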
