Looks like I went a bit over the top with the embedded html proposal.
It seems the users would be content if whatever they'd keyed into a
text-area looked the same when
subsequently re-displayed as text in a document.
ie just preserve the line-feeds, no need for bolding etc.
Any ideas?
>If you want someone to see the visualized text as they are typing,
>you're going to need something like a "rich text" component that does
>that sort of thing in JavaScript. The standard HTML <textarea>
>element that Struts uses doesn't help you, even if the HTML elements
>are literally embedded.
>
>If you are taking content and then literally embedding it in your page
>with something like <bean:write>, you can turn off the filtering by
>saying filter="false" in the attributes of this tag. Be aware,
>however, that in doing so *you* are taking responsibility for avoiding
>cross site scripting attacks from potentially malicious users that try
>to embed JavaScript markup. Most likely, you'll need to scan the text
>and only allow HTML elements that are reasonably harmless (like <b>).
>
>
>Craig
>>
>>
>> Hi All,
>>
>> I have a struts app that lets users input into text-areas. Whatever the
>> user entered will later be displayed as text.
>> To give users some control over presentation, I'd like to allow them to
>> enter html directly into a text-area.
>> Struts appears to convert all html to harmless displayable text, so that
>> <hr> appears quite literally as '<hr>' rather than as a horizontal line.
>>
>> How can I allow users to input effective html? And is there any way I
can
>> ring-fence what they enter, so that any html errors they make don't
bring
>> the whole page down?
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
