Home/ Questions/Q 1095079
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-17T00:04:05+00:00

I’m using a HTML form’s TEXTAREA field that will contain text and it may

  • 0

I’m using a HTML form’s TEXTAREA field that will contain text and it may can contain itself some HTML tags.
I have read here that this should be managed using htmlspecialchars function, however this will show the HTML tags in a way it will be quite difficult to allow easy editing of the HTML code into the form TEXTAREA.
What is the safer, easier way to achieve this, ensuring that quotes and “dirty” HTML code will not spoil the form?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The usual workflow:

    1. Provide a Javascript rich-text editor for your users such as TinyMCE: http://tinymce.moxiecode.com/
    2. Grab the source generated by the RTE and filter it through HTML Purifier before saving to the database.
    3. Escape the existing HTML: <div id="myHtml" style="display: none"><?php echo htmlentities($html); ?></div>
    4. Re-populate the RTE via Javascript – in the case of TinyMCE as follows: tinyMCE.activeEditor.setContent($('#myHtml').html());

    You can also load the HTML content via AJAX.

    • 0