XHTML and code inside textareas

On a site of mine in which a textarea is used for submission, I have code that can appear something along the lines of the following:

<textarea><p>text</p></textarea>

When validating (XHTML 1.0 Transitional), this error arises,

line 88 column 50 - Error: document type does not allow element "p" here

If this is not a valid method, then what is expected? I could do a workaround with an onload JavaScript event, but that seems needless. Regardless, this doesn't affect the output, but I'd rather my site validate.

Elle H asked Oct 12 '08 21:10


2 Answers

Is there a reason you're trying to put a <p> within <textarea>? As you found out, it's not valid. If it's for display purposes (i.e., showing code), it should be translated:

<textarea>&lt;p&gt;text&lt;/p&gt;</textarea>

Beyond validation issues, allowing arbitrary tags (which are not properly encoded as above) to display can be a huge security issue. It's paramount to make sure any user-supplied input has been properly sanitized before it is displayed.

Owen answered Oct 06 '22 12:10


Would a CDATA section be an option for you?

<textarea><![CDATA[
    <p>Blah</p>
]]></textarea>

nickf answered Oct 06 '22 13:10
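
The entity encoding from the first answer and the CDATA wrapper from the second, side by side, as an added example that is not part of either answer. It assumes the page is served as text/html, where a CDATA marker is not recognised and the field ends at the first `</textarea`; the function names, the `name="body"` attribute and the sample values are constructed for illustration.

```javascript
// Added example, not code from the page. Names and sample values are constructed.

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are markup-significant in element content and attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Reverse of escapeHtml, used only for the round-trip check below.
function unescapeHtml(text) {
  return text.replace(/&(amp|lt|gt|quot|#39);/g, (m) =>
    Object.keys(ENTITIES).find((ch) => ENTITIES[ch] === m));
}

// First answer: entity-encode the value before writing it into the element.
function renderEscaped(value) {
  return `<textarea name="body">${escapeHtml(value)}</textarea>`;
}

// Second answer: wrap the value in CDATA. A literal "]]>" in the value would end
// the section early, so it is split across two sections.
function renderCdata(value) {
  const body = String(value).split(']]>').join(']]]]><![CDATA[>');
  return `<textarea name="body"><![CDATA[${body}]]></textarea>`;
}

// What a text/html parser treats as the field's raw content: everything from the
// start tag up to the first "</textarea". CDATA markers have no special meaning
// there; only an XML parser honours them.
function htmlFieldContent(markup) {
  const start = markup.indexOf('>') + 1;
  const end = markup.toLowerCase().indexOf('</textarea', start);
  return markup.slice(start, end);
}

// Constructed submissions: the question's snippet, and one that mentions an end tag.
const SAMPLES = ['<p>text</p>', 'see </textarea> in the docs & "quotes"'];

for (const value of SAMPLES) {
  const escaped = unescapeHtml(htmlFieldContent(renderEscaped(value)));
  const cdata = htmlFieldContent(renderCdata(value));
  console.log(JSON.stringify(value));
  console.log('  escaped form round-trips:', escaped === value);
  console.log('  CDATA field ends where intended:', cdata.endsWith(']]>'));
}
```

Both forms validate as XHTML, but only the entity-encoded one keeps the whole submission inside the field when the second sample is parsed as text/html.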