textarea body problem

Posted on 2003-02-24
Medium Priority
Last Modified: 2010-04-09
We have a document management system here. A user keys-in text into a textarea to submit to a DB. Later on another user reads and/or modifies the stored text in a textarea of a html page. So in the reading or modifying page, the stored text will be preloaded into the textarea as its initial value. For example, in JSP:

  <textarea><%= aTextString %></textarea>

When the user-entered text contains a html tag, for example, a textarea ending tag, there will be a problem for the reading and modifying page. One may suggest a text replacement be applied to escape the tags, but for our case it's important to keep anything intact (display may not be as critical, but recall that the displayed text may be subjected to user modification).

Any suggestion?
Question by:joller
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 17

Accepted Solution

dorward earned 200 total points
ID: 8007870
When populating the textarea (i.e. so the data the user entered is stored as in in the database, but altered when reading it back) convert all the & to &amp;, the < to &lt; and the > to &gt;

The browser will display these as &, < and > in the textarea, and will submit them back to the ASP as such.

<textarea ...>

Will send ">" to the ASP, not "&gt;")

Author Comment

ID: 8009195
Thanks a lot! It seems to solve my problem.
I have one more similar problem here.
When there is a nbsp in the textarea,
the form-data parser of the web-server will report that it can't find the part boundary.
I don't know what's the actual reason; maybe it's the problem of the browser, or maybe the form-data parser.
But I think it can be avoided by escaping ampersand, right?
Besides ampersand and little-than, is there anything else I must escape?
LVL 17

Expert Comment

ID: 8010162
I think that escaping the ampersand would do the trick.

The three characters that its best to escape all the time at &, < and > as they have special meaning in HTML.

Other then that, the only worry might be the use of characters which don't appear in the character set being used, but if you use a unicode character set (e.g. UTF-16), or if you are only dealing with English input, that shouldn't be a problem.

Author Comment

ID: 8013223
I see. It's very much helpful.
I've accepted it as an answer.
LVL 17

Expert Comment

ID: 8015346
Thanks very much, glad to have helped.

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Today, the web development industry is booming, and many people consider it to be their vocation. The question you may be asking yourself is – how do I become a web developer?
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
HTML5 has deprecated a few of the older ways of showing media as well as offering up a new way to create games and animations. Audio, video, and canvas are just a few of the adjustments made between XHTML and HTML5. As we learned in our last micr…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question