  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 189

textarea body problem

We have a document management system here. A user keys in text into a textarea to submit to a DB. Later on, another user reads and/or modifies the stored text in a textarea of an HTML page. So in the reading or modifying page, the stored text will be preloaded into the textarea as its initial value. For example, in JSP:

  <textarea><%= aTextString %></textarea>

When the user-entered text contains an HTML tag, for example, a textarea ending tag, there will be a problem for the reading and modifying page. One may suggest a text replacement be applied to escape the tags, but for our case it's important to keep anything intact (display may not be as critical, but recall that the displayed text may be subjected to user modification).

Any suggestion?
Asked: joller
1 Solution
 
dorward Commented:
When populating the textarea (i.e. so the data the user entered is stored as is in the database, but altered when reading it back) convert all the & to &amp;, the < to &lt; and the > to &gt;

The browser will display these as &, < and > in the textarea, and will submit them back to the ASP as such.

(i.e.
<textarea ...>
&gt;
</textarea>

Will send ">" to the ASP, not "&gt;")
 
joller (Author) Commented:
Thanks a lot! It seems to solve my problem.
I have one more similar problem here.
When there is a nbsp in the textarea,
the form-data parser of the web-server will report that it can't find the part boundary.
I don't know what's the actual reason; maybe it's the problem of the browser, or maybe the form-data parser.
But I think it can be avoided by escaping ampersand, right?
Besides ampersand and less-than, is there anything else I must escape?
 
dorward Commented:
I think that escaping the ampersand would do the trick.

The three characters that it's best to escape all the time are &, < and > as they have special meaning in HTML.

Other than that, the only worry might be the use of characters which don't appear in the character set being used, but if you use a Unicode character set (e.g. UTF-16), or if you are only dealing with English input, that shouldn't be a problem.
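The round trip described in the answers above, as an added example that is not part of the original thread: a Java helper (the name `escapeForTextarea` is hypothetical) meant to wrap the value wherever the JSP currently emits the bare `<%= aTextString %>`, plus a simplified stand-in for the browser's entity decoding. The sample strings are constructed, and the stand-in only decodes the entities this thread mentions.

```java
public class TextareaEscapeDemo {

    // Escape the three characters named in the answer in a single pass, so the
    // '&' of an entity produced for '<' or '>' is never escaped a second time.
    // This covers element content such as a textarea body; attribute values
    // additionally need their quote characters escaped.
    static String escapeForTextarea(String stored) {
        StringBuilder out = new StringBuilder(stored.length() + 16);
        for (int i = 0; i < stored.length(); i++) {
            char c = stored.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;");  break;
                case '>': out.append("&gt;");  break;
                default:  out.append(c);
            }
        }
        return out.toString();
    }

    // Simplified stand-in for the browser (assumption, not a full HTML parser):
    // decodes a handful of entities, with &amp; last so "&amp;lt;" becomes "&lt;".
    static String browserDecode(String markup) {
        return markup.replace("&lt;", "<").replace("&gt;", ">")
                     .replace("&nbsp;", "\u00A0").replace("&amp;", "&");
    }

    // What the textarea would hold: everything up to the first closing tag, decoded.
    static String textareaValue(String body) {
        String page = "<textarea>" + body + "</textarea>";
        int start = "<textarea>".length();
        int end = page.indexOf("</textarea>", start);
        return browserDecode(page.substring(start, end));
    }

    public static void main(String[] args) {
        String[] samples = {                      // constructed sample inputs
            "closing tag: </textarea><b>rest</b>",
            "literal entity text: &nbsp; and &lt;",
            "plain a < b && c > d"
        };
        for (String stored : samples) {
            boolean rawOk = textareaValue(stored).equals(stored);
            boolean escOk = textareaValue(escapeForTextarea(stored)).equals(stored);
            System.out.println("raw intact=" + rawOk + "  escaped intact=" + escOk + "  <- " + stored);
        }
    }
}
```

The first two samples come back altered when emitted raw (truncated at the closing tag, or with `&nbsp;` turned into a non-breaking space) and intact when escaped; the database copy is never modified, only the markup written into the page.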
 
joller (Author) Commented:
I see. It's very helpful.
I've accepted it as an answer.
 
dorward Commented:
Thanks very much, glad to have helped.