I have a requirement to paste text from a textarea into the DOM as

Question

0

Asked: May 20, 20262026-05-20T01:32:12+00:00 2026-05-20T01:32:12+00:00

I have a requirement to paste text from a textarea into the DOM as

0

I have a requirement to paste text from a textarea into the DOM as a preview area, much like the one you get on Stackoverflow when you make a comment etc.

I allow users to insert any and all html tags, including javascript tags. I know this will allow embedded javascript and flash content etc, but I then remove all of this server side so no other user will see, they just see plain text.

However are there any security issues in letting the user insert these things in there own page?

My guess is there isn’t otherwise tools like firebug would be a security risk, but I’m not sure.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-20T01:32:12+00:00

Editorial Team

2026-05-20T01:32:12+00:00Added an answer on May 20, 2026 at 1:32 am

However are there any security issues in letting the user insert these things in there own page?

I can’t see any – the DOM is freely manipulable in the client’s browser, anyway. Whether they do it using a tool like Firebug or your JavaScript function, doesn’t matter.

As long as the data isn’t shown unfiltered in other users’ browsers, I think you’re safe doing this.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a requirement to paste text from a textarea into the DOM as

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply