jaymc, posted October 30, 2007

I'm testing a live chat I'm making and I've hit a problem.

Let's say someone wants to post some PHP code... the JavaScript that handles the retrieval of the text doesn't like it.

For example, if I try and send

<? echo "hi"; ?>

I don't get anything. It can deal with the quotes fine " ' so I'm assuming it's the tags < >

The JavaScript picks it up by getting the .value of the text field in a form and writes it to a div using innerHTML =

How do you fix this? PHP would use htmlspecialchars or something, what's JavaScript's approach?

fenway, posted October 30, 2007

You just need to escape any quotes with a backslash.

jaymc, posted October 30, 2007

It's not the slashes causing the problem though... It appears to be this <

fenway, posted October 31, 2007

> It's not the slashes causing the problem though... It appears to be this <

For JS alone, it's the quotes, NOT the slashes... the backslashes are for escaping. The issue you're having is that innerHTML expects, well, HTML, so it sees < as an open tag. I'm not sure why you're doing what you're doing, the PHP code won't ever get executed. If you just want to display it, use innerText, not innerHTML.

jaymc, posted October 31, 2007

OK, that works, but the string contains both HTML, which I need parsed, and a text string which cannot be parsed.

Here, notice chat right at the very end; this will be the user's text, and this must not parse HTML:

document.getElementById('messages').innerHTML += "<BR><a href=\"javascript:image('p.php?user=" + from + "')\">" + from + "</a> - " + chat;

I tried this way around it, but strangely it's not working:

document.getElementById('messages').innerHTML += "<BR><a href=\"javascript:image('p.php?user=" + from + "')\">" + from + "</a> - ";
document.getElementById('messages').innerText += chat;

When I do that, the innerHTML stuff just above the innerText stuff is not being parsed.

Any ideas?

fenway, posted November 1, 2007

That's because your final statement switches the entire thing back to text. You either shouldn't be doing what you're doing -- i.e. just use HTML only, and write out another div on the inside with an id you can find, and then insert the user's text after it's been rendered -- or use DOM functions to make new element children.

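The DOM-function approach suggested above, as an added example that is not part of the original thread: the markup is built with createElement, and both from and chat go in as text nodes, so a message such as <? echo "hi"; ?> is displayed literally instead of being parsed. The doc parameter and the openProfile callback (standing in for the thread's image() helper) are assumptions.

```javascript
// Added example: append one chat line without ever parsing user text as HTML.
// Assumptions: `doc` is the page's document object, `container` is the
// messages div, and `openProfile` is a hypothetical callback that plays the
// role of the thread's image() popup helper.
function appendMessage(doc, container, from, chat, openProfile) {
  const link = doc.createElement('a');

  // URL context: percent-encode the user name inside the query string.
  const url = 'p.php?user=' + encodeURIComponent(from);
  link.setAttribute('href', url);

  // The handler is attached as a function, so `from` is only ever data and
  // is never concatenated into a javascript: URL or an inline handler.
  link.addEventListener('click', function (ev) {
    ev.preventDefault();
    openProfile(url);
  });

  // Text context: createTextNode stores the string as-is; the browser shows
  // < > & " literally and does not interpret them as markup.
  link.appendChild(doc.createTextNode(from));

  // Appending nodes (rather than `innerHTML +=`) also leaves the earlier
  // messages untouched instead of re-parsing the whole container.
  container.appendChild(doc.createElement('br'));
  container.appendChild(link);
  container.appendChild(doc.createTextNode(' - ' + chat));
  return link;
}
```

In a page it would be called as appendMessage(document, document.getElementById('messages'), from, chat, image).

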
jaymc, posted November 1, 2007

Ah ok, cheers

Archived
This topic is now archived and is closed to further replies.