
value of html input tag includes formatting and is breaking the tag

Hi guys,

I'm trying to pass a form variable that has some html formatting in it.

I'm wanting to figure out a way to keep the formatting text from breaking my variables. For example, when I populate the value of the following input tag, and that variable is processed, it breaks it.

How can I wrap my variable so that the content of the variable doesn't break the input tag?


<INPUT class="input" type="hidden" name="body" value="#message#">

Processed as -->

<INPUT class="input" type="hidden" name="body" value="
<pre>
<strong>Hey Buddy, </strong></pre>
<pre>I was thinking that it was a good idea. </pre>
<pre>Sincerely, </pre>
<pre><span style="color: #2f4f4f">Jason</span></pre>
">


With it being processed the way it does, I'm having an unwanted block of text displayed on screen.

"> Jason

How can I fix this?
 
On input, you should store whatever the user puts in. On output, you should have something like a-z A-Z .,* for no escaped characters, and escape everything else.

As for the message.. Meh. I wouldn't want to try and figure out who is trying to break the system and who is actually putting in a < seriously.
 
OK, still have trouble with this.

Here's an example of a form input value that includes formatting. The value is being set to whatever is in the database.

While including this value, the webpage is rendering the content of the value of the input.

How can I stop this? I need the formatting.

<INPUT class="input" type="hidden" name="body" value="<p>
<span style="font-size: 36px">
<span style="font-family:tahoma,geneva,sans-serif">&nbsp;asdfdfdfadsfasdf</span>
</span></p>
<hr />
<p>
SENT:09/16/2010<br />
TO:jason<br />
FROM:ADMIN<br />
SUBJECT:HELLO!</p>
<p>
HOW YOU DOING??</p>
<p>
THIS IS COOL</p>
">

<INPUT class="input" type="hidden" name="urgent" value="">
<INPUT class="input" type="hidden" name="fromforward" value="1">
 
What language are you using? You just need to HTML-encode your data, i.e. convert & to &amp;, > to &gt; and < to &lt;
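
The encoding discussed in this thread, as an added example that is not code from any poster: the thread never names the server language, so Python's standard library stands in for it, and the function names and the sample message are hypothetical and constructed. It renders the hidden field both ways and parses each result to show where the value ends and what leaks onto the page; the double quote inside `style="..."` is what closes the attribute early, so it is encoded along with `&`, `<` and `>`.

```python
import html
from html.parser import HTMLParser

# Constructed sample modelled on the messages in the thread: it contains
# <, >, & and the double quote that ends the value="..." attribute early.
MESSAGE = ('<pre><strong>Hey Buddy, </strong></pre>\n'
           '<p>&nbsp;I was thinking that it was a good idea.</p>\n'
           '<pre><span style="color: #2f4f4f">Jason</span></pre>\n')

TEMPLATE = '<input class="input" type="hidden" name="body" value="%s">'

def render_raw(value):
    """Behaviour shown in the thread: the value is written unencoded."""
    return TEMPLATE % value

def render_encoded(value):
    """Encode &, <, > and both quote characters for the attribute."""
    return TEMPLATE % html.escape(value, quote=True)

class FieldInspector(HTMLParser):
    """Records the input's parsed value and any text that leaks onto the page."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.value = None
        self.visible_text = ""

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.value = dict(attrs).get("value")

    def handle_data(self, data):
        self.visible_text += data

def parse_field(markup):
    inspector = FieldInspector()
    inspector.feed(markup)
    inspector.close()
    return inspector

if __name__ == "__main__":
    for label, render in (("raw", render_raw), ("encoded", render_encoded)):
        seen = parse_field(render(MESSAGE))
        print(label, "| value intact:", seen.value == MESSAGE,
              "| leaked text:", repr(seen.visible_text))
```

In the encoded case the parsed value equals the original message, so the formatting survives the round trip through the form; encoding changes only how the value is written into the page.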
 