On Tue, 3 Aug 2004 14:23:40 +1200, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> 
> 
> Looks like I went a bit over the top with the embedded html proposal.
> 
> It seems the users would be content if whatever they'd keyed into a
> text-area looked the same when subsequently re-displayed as text in a
> document.
> 
> i.e. just preserve the line-feeds, no need for bolding etc.
> 

To get the line formatting correct, just enclose the <bean:write>
tag inside a <pre> ... </pre> element.  If you do not disable
filtering, and the user entered "<b>" in their text, then "<b>" is
literally what will appear.  If you want the text to actually be bold
on the screen, then you will have to disable filtering (and watch out
for the cross site scripting stuff).

Craig

> Any ideas?
> 
> 
> >If you want someone to see the visualized text as they are typing,
> >you're going to need something like a "rich text" component that does
> >that sort of thing in JavaScript.  The standard HTML <textarea>
> >element that Struts uses doesn't help you, even if the HTML elements
> >are literally embedded.
> >
> >If you are taking content and then literally embedding it in your page
> >with something like <bean:write>, you can turn off the filtering by
> >saying filter="false" in the attributes of this tag.  Be aware,
> >however, that in doing so *you* are taking responsibility for avoiding
> >cross site scripting attacks from potentially malicious users that try
> >to embed JavaScript markup.  Most likely, you'll need to scan the text
> >and only allow HTML elements that are reasonably harmless (like <b>).
> >
> >
> >Craig
> 
> >>
> >>
> >> Hi All,
> >>
> >> I have a struts app that lets users input into text-areas. Whatever the
> >> user entered will later be displayed as text.
> >> To give users some control over presentation, I'd like to allow them to
> >> enter html directly into a text-area.
> >> Struts appears to convert all html to harmless displayable text, so that
> >> <hr> appears quite literally as '<hr>' rather than as a horizontal line.
> >>
> >> How can I allow users to input effective html?  And is there any way I
> >> can ring-fence what they enter, so that any html errors they make don't
> >> bring the whole page down?
> >>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
>
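
An added example, not part of the original thread or of Struts: one way to do the scan described above, for text that will be written with filter="false" inside a <pre> element. It escapes everything first, then re-enables only a short allowlist of attribute-less tags and closes any the user left open. The class name, method names and the tag list are assumptions chosen for illustration.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (hypothetical class, not Struts code): escape everything, then
// re-enable a short allowlist of attribute-less tags and balance them.
public class SafeMarkup {
    // Matches only already-escaped bare tags such as &lt;b&gt; or &lt;/em&gt;.
    private static final Pattern ALLOWED =
        Pattern.compile("&lt;(/?)(b|i|em|strong)&gt;", Pattern.CASE_INSENSITIVE);

    static String escape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    static String sanitize(String userText) {
        String escaped = escape(userText);
        Matcher m = ALLOWED.matcher(escaped);
        StringBuilder out = new StringBuilder();
        Deque<String> open = new ArrayDeque<>();
        int last = 0;
        while (m.find()) {
            out.append(escaped, last, m.start());
            String name = m.group(2).toLowerCase(Locale.ROOT);
            if (m.group(1).isEmpty()) {                 // opening tag
                open.push(name);
                out.append('<').append(name).append('>');
            } else if (name.equals(open.peek())) {      // properly nested closing tag
                open.pop();
                out.append("</").append(name).append('>');
            } else {                                    // stray closing tag stays as text
                out.append(m.group());
            }
            last = m.end();
        }
        out.append(escaped, last, escaped.length());
        while (!open.isEmpty()) {                       // close whatever the user left open
            out.append("</").append(open.pop()).append('>');
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input: one allowed tag left unclosed, one script attempt.
        String input = "Line one\n<b>bold <script>alert(1)</script>\n<hr>";
        System.out.println(sanitize(input));
    }
}
```

Because only bare tags match the pattern, anything carrying attributes (event handlers, URLs) stays escaped and is displayed as literal text.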
