jaymc Posted October 30, 2007 Share Posted October 30, 2007 I am testing a live chat Im making and Ive hit a problem Lets say someone wants to post some PHP code.. the javascript that handles the retreival of the text doesnt like it For example if I try and send <? echo "hi"; ?> I dont get anything. It can deal with the quotes fine " ' so Im assuming its the tags < > the javascript picks it up by geting the .value of the text field in a form and writes it to a div using innerHTML = How do you fix this. php would use htmlspecialchars or something, whats javascripts approach Quote Link to comment Share on other sites More sharing options...
fenway Posted October 30, 2007 Share Posted October 30, 2007 You just need to escape any quotes with a backslash. Quote Link to comment Share on other sites More sharing options...
jaymc Posted October 30, 2007 Author Share Posted October 30, 2007 Its not the slashes causing the problem though.. It appears to be this < Quote Link to comment Share on other sites More sharing options...
fenway Posted October 31, 2007 Share Posted October 31, 2007 Its not the slashes causing the problem though.. It appears to be this < For JS alone, it's the quotes, NOT the slashes... the backslahes are for escaping. The issue you're having is that innerHTML expects, well, HTML, so it seems < as an open tag. I'm not sure why you're doing what you're doing, the php code won't ever get executed. If you just want to display it, user innerText, not innerHTML. Quote Link to comment Share on other sites More sharing options...
jaymc Posted October 31, 2007 Author Share Posted October 31, 2007 Ok, that works but the string contains both HTML which i need parsed and text string which cannot be parsed Here, notice chat right at the very end, this will be the users text, this must not parse HTML document.getElementById('messages').innerHTML += "<BR><a href=\"javascript:image(p.php?user=" + from + "')\">" + from + "</a> - " + chat I tried this way around it but strangely its not working document.getElementById('messages').innerHTML += "<BR><a href=\"javascript:image(p.php?user=" + from + "')\">" + from + "</a> - " document.getElementById('messages').innerText += chat When I do that, the innerHTML stuff just above the innerText stuff is not being parsed Any ideas? Quote Link to comment Share on other sites More sharing options...
fenway Posted November 1, 2007 Share Posted November 1, 2007 That's because your final statement switches the entire thing back to text. You either shouldn't be doing what you're doing -- i.e. just use html only, and write out another div on the inside with an id you can find, and then insert the user's text after it's been rendered -- or use DOM functions to make new element children. Quote Link to comment Share on other sites More sharing options...
jaymc Posted November 1, 2007 Author Share Posted November 1, 2007 Ah ok, cheers Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.