HTML Decoding within textarea


Question

I am having trouble with a site administration tool I built. It allows me to edit articles for my website. I am using google-code-prettify as my articles are on C++ programming. I then use the <pre class="prettyprint"> </pre> tags to specify I am about to start writing C++ code. The problem is that when I write, say,

#include <iostream>

And then insert this into my MySQL database, it will properly insert the text with the <>, but when I request the info and display it in an article viewing page, it will break the page as HTML thinks I am trying to add an HTML tag. So when using the &lt; &gt; tags it will properly add these to my database and the article viewer page will properly read the

#include <iostream>

But if I want to edit the article, it will read the &lt;&gt; as <>, which on another insert will bring me back to the original problem of inserting the <> into the database and having them not in my viewer. How can I stop HTML from changing &lt;&gt; into the <>, but only if it is inside <pre class="prettyprint"></pre> within my textarea? I have got it working where it will convert everything in the text area using jQuery.

$("#contbox").each(
  function () {
    $(this).text($(this).html()).html();
  }
);

Where #contbox is the id of my textarea; however, I cannot figure out how to limit this to only within the pre tags.

Thanks in advance

Recommended answer

Best practice is to store the file as unencoded strings and only encode when it is time to display. The biggest reason for this is the same data may be displayed/used in multiple places that require different encoding (or none at all). If your website allows a user to enter HTML formatted text, you should store it in the database exactly as entered and when it comes time to display it to the end user call the appropriate encoding.

You need to call the appropriate encoding on the server side. This would prevent malicious code from being executed before your javascript can run and encode the data and it also means that your user would still see valid text if they have javascript disabled.
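
The answer's advice applied to the edit form, as an added example that is not part of the original question or answer: the stored article is escaped on the server only when it is written into the textarea, so the &lt; and &gt; inside the pre block survive an edit. JavaScript for Node.js is an assumption (the page does not name the server language); `escapeHtml`, `renderEditForm` and `browserTextareaValue` are hypothetical names, and the last is a simplified stand-in for the browser's decoding.

```javascript
// Added example: escape the stored article at output time, on the server,
// when it is written into the edit form. All function names are hypothetical.

// Encode the characters that are significant in HTML text and attribute values.
// "&" is replaced first so the entities produced below are not encoded twice.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Build the edit form. The database value stays unencoded; only the output is escaped.
// Escaping also keeps a stored "</textarea>" from closing the element early.
function renderEditForm(stored) {
  return '<textarea id="contbox" name="content">' + escapeHtml(stored) + "</textarea>";
}

// Simplified stand-in for the browser: textarea content is treated as text with
// character references decoded once, which is what the editor shows and resubmits.
function browserTextareaValue(formHtml) {
  const m = /<textarea[^>]*>([\s\S]*?)<\/textarea>/.exec(formHtml);
  const entities = { "&lt;": "<", "&gt;": ">", "&quot;": '"', "&#39;": "'", "&amp;": "&" };
  return m[1].replace(/&(?:lt|gt|quot|#39|amp);/g, (e) => entities[e]);
}

// Constructed sample: the article source exactly as it is stored in the database.
const stored = '<pre class="prettyprint">#include &lt;iostream&gt;</pre>';

// Unescaped output reproduces the problem in the question: the browser decodes
// &lt; and &gt;, and the next save writes a literal <iostream> tag.
const unescapedRoundTrip = browserTextareaValue("<textarea>" + stored + "</textarea>");

// Escaped output: the value that comes back from the form equals what was stored.
const escapedRoundTrip = browserTextareaValue(renderEditForm(stored));

console.log(unescapedRoundTrip);
console.log(escapedRoundTrip === stored);
```

The article viewing page is a different output context and gets its own encoding decision; the edit form always escapes the whole stored value, so no per-`<pre>` handling in jQuery is needed.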
