Rendering newlines in escaped html - html

We have a display message that is auto-generated by default, but may be overridden by GET vars from the url. Since we need to treat the message as user input, it must be escaped for display. However, we want to retain the ability to include newlines.
Newlines as <br>
This won't work because escaping HTML destroys the <br> tag.
Newlines as \n
I can't figure out how to get \n to render as newlines. I thought putting it in a tag would render correctly, but no luck: http://jsfiddle.net/7L932/

Escape the HTML, and then replace \n with <br>.
In case you want to use \n, I fix your fiddle for you http://jsfiddle.net/hr3bg/

Setting wrapper html css to white-space: pre-line did the trick for me. It enables \n character's new line feature

What you're doing is more or less fine, except for you should put \n character (newline), not the escape sequence in your html (and what Prinzhorn says also makes perfect sense, so I'll go upvote him).

Your theory's sound, but \n is a not an HTML-recognised way of inserting a new line. It either comes in explicitly (as I've inserted in a new .linebreaks element) as a literal return in the markup, or, if you're using some intermediary scripting language that does recognise \n (like JS), do that (as I've done to your first .linebreaks with the jQuery code I inserted.
See my tweak to your example: http://jsfiddle.net/barney/7L932/2/

Related

How do I type html in a markdown file without it rendering?

I want to type the following sentence in a markdown file: she says <h1> is large. I can do it in StackOverflow with three backticks around h1, but this doesn't work for a .md file. I've also tried a single backtick, single quote, double quote, hashtags, spacing, <code>h1</code> and everything else I could think of. Is there a way to do this?
You can escape the < characters by replacing them with <, which is the HTML escape sequence for <. You're sentence would then be:
she says <h1> is large
As a side note, the original Markdown "spec" has the following to say:
However, inside Markdown code spans and blocks, angle brackets and ampersands are always encoded automatically. This makes it easy to use Markdown to write about HTML code. (As opposed to raw HTML, which is a terrible format for writing about HTML syntax, because every single < and & in your example code needs to be escaped.)
...which means that, if you're still getting tags when putting them in backticks, whatever renderer you're using isn't "compliant" (to the extent that one can be compliant with that document), and you might want to file a bug.
Generally, you can surround the code in single backticks to automatically escape the characters. Otherwise just use the HTML escapes for < <and > >.
i.e.
she says <h1> is large or she says `<h1>` is large
A backslash (\) can be used to escape < and >.
Ex: she says <h1> is large
P.S. See this answer's source by clicking Edit.

JSON escape space characters

How would I escape space characters in a JSON string? Basically my problem is that I've gotten into a situation where the program that reads the string can use HTML tags for formatting, but I need to be able to use these HTML tags without adding more spaces to the string. so things like
<u>text</u>
is fine, for adding underline formatting
but something like
<font size="14">text</font>
is not fine, because the <font> tag with the size attribute adds an extra space to the string. I know, funny criteria, but at this point thats what has happened.
My first speculative solution would be to have some kind of \escape character that JSON can put in between font and size that will solve my "space" problems, something that the HTML will ignore but leave the human readable string in the code without actual spaces.
ex. <font\&size="14">text</font>
displays as: text
kind of like but better?
any solutions?
You can use \u0020 to escape the ' ' character in JSON.

display mysql newline in HTML

Certain fields in our mysql db appear to contain newline characters so that if I SELECT on them something like the following will be returned for a single SQL call:
Life to be sure is nothing much to lose
But young men think it is and we were young
If I want to preserve the line breaks when displaying this field on a webpage, is the standard solution to write a script to replace '\n\r' with a br HTML tag or is there a better way?
Thanks!
Assuming PHP here...
nl2br() adds in <br /> for every \n. Don't forget to escape the content first, to prevent XSS attacks. See below:
<?php echo nl2br(htmlspecialchars($content)); ?>
HTML is a markup language. Regardless of how many linebreaks you put in the source code, you won't see anything from it back in the presentation (of course assuming you aren't using <pre> or white-space:pre). HTML uses the <br> element to represent a linebreak. So you basically indeed need to convert the real and invisible linebreaks denoted by the characters xA (newline, linefeed, LF, \n) and/or xD (carriage return, CR, \r) by a HTML <br> element.
In most programming languages you can just do this by a string replace of "\n" by "<br>".
You can wrap it in <pre> .. </pre>.

escaping html inside comment tags

escaping html is fine - it will remove <'s and >'s etc.
ive run into a problem where i am outputting a filename inside a comment tag eg. <!-- ${filename} -->
of course things can be bad if you dont escape, so it becomes:
<!-- <c:out value="${filename}"/> -->
the problem is that if the file has "--" in the name, all the html gets screwed, since youre not allowed to have <!-- -- -->.
the standard html escape doesnt escape these dashes, and i was wondering if anyone is familiar with a simple / standard way to escape them.
Definition of a HTML comment:
A comment declaration starts with <!, followed by zero or more comments, followed by >. A comment starts and ends with "--", and does not contain any occurrence of "--".
Of course the parsing of a comment is up to the browser.
Nothing strikes me as an obvious solution here, so I'd suggest you str_replace those double dashes out.
There is no good way to solve this. You can't just escape them because comments are read in plaintext. You will have to do something like put a space between the hyphens, or use some sort of code for hyphens (like [HYPHEN]).
Since it is obvoius that you cannnot directly display the '--'s you can either encode them or use the fn:escapeXml or fn:replace tags for appropriate replacements.
JSTL documentation
There's no universal working way to escape those characters in html unless the - characters are in multiples of four so if you do -- it wont work in firefox but ---- will work. So it all depends on the browser. For Example, looking at Internet Explorer 8, it is not a problem, those characters are escaped properly. The same goes for Googles Chrome... However Firefox even the latest browser (3.0.4), it doesn't handle escaping of these characters well.
You shouldn't be trying to HTML-escape, the contents of comments are not escapable and it's fine to have a bare ‘>’ or ‘&’ inside.
‘--’ is its own, unrelated problem and is not really fixable. If you don't need to recover the exact string, just do a replacement to get rid of them (eg. replace with ‘__’).
If you do need to get a string through completely unmolested to a JavaScript that will be reading the contents of the comment, use a string literal:
<!-- 'my-string' -->
which the script can then read using eval(commentnode.data). (Yes, a valid use for eval() at last!)
Then your escaping problem becomes how to put things in JS string literals, which is fairly easily solvable by escaping the ‘'’ and ‘-’ characters:
<!-- 'Bob\x27s\x2D\x2Dstring' -->
(You should probably also escape ‘<’, ‘&’ and ‘"’, in case you ever want to use the same escaping scheme to put a JS string literal inside a <​script> block or inline handler.)

Actionscript3 E4X XML and CSS: Do I really have to use CDATA?

When working with CSS inside of XML such as
<span class="IwuvAS3"></span>
when parsed in flash, if I don't use CDATA like the following:
<![CDATA[<span class="IwuvAS3"></span>]]>
then the parsed data drops down a line for every "<" character it sees.
When parsing the data into a single-line text field, nothing was shown because it was actually down a line. Soon as I wrap it inside of CDATA it works great. I have played with prettyIndent, and as I understand ignoreWhite is true by default.
Is there a way to parse the data without the use of CDATA and keep the implied line breaks out?
EDIT 1 (10/10/08): Thank you, but I am actually looking for a Function or Method. Escaping each is much more cumbersome than using CDATA. The only reason I don't want to use CDATA is that I was taught to stay clear of it. If ActionScript has a method associated to E4X XML handling that will remove the requirement to wrap my XML in CDATA, I would love to know about it.
EDIT 1 (10/15/08): Thanks Philippe! I never would have thought that HTML formatting in Flash is treated as whitespace. The answer was
textField.condenseWhite = true;
<3AS3
Set the TextField's condenseWhite property to true - so only < br/> tags will generate linebreaks.
You could escape the "<" characters (and &, ", >, ', among others) as entities instead.