I'm fairly new to html and php and have an issue where I can type html into my text box and if I echo out the information from the database it will actually run the code. What I mean is...
On my website there is a textbox and in the text box they can type br or a href etc and the code will run like actuall html.
So is there a way to prevent this? CKEditor or what? All support is much appreciated!
htmlspecialchars would be a good place to start. Followed by getting a clue what you're doing before you become yet another victim of terrible coding practices and security issues.
Related
Currently working on translating a website for a partner.
The website is made in Webflow, although parts of it is coded with some html/javascript. I have succesfully translated the labels here, but I cannot seem to access the text in and after the file upload buttons.
Help appreciated.
I tried Googling it, but to no avail.
HTML button uses system language.
If you want full control of button and text you should make your implementation with text that you want.
https://dev.to/faddalibrahim/how-to-create-a-custom-file-upload-button-using-html-css-and-javascript-1c03
Excuse me as this is probably a silly request, but I'm working on a school project where I need the status of a text file (either "yes" or "no") to confirm whether the user has visited the site before.
Can someone help me with the code for 1) reading the text file and 2) setting the element's text to that when the page loads?
Thanks - I have reasonable HTML and visual basic knowledge but I can't seem to figure this out.
If you need all my code just ask for it and I can provide it.
Edit: if anyone also has any suggestions of how to do this a different way I will take them as well.
So I need to have a search box search through text on a web page and show relevant searches. I have no clue how to do this and didn't find anything online on how to. So if I have a search box on www.example.com/index.html, and and user enters text into it, then it searches the text on www.example.com/example.html and displays the result. Finally just an FIY it needs to be in HTML. Thanks for any help in advanced!
Well, you would need to know javascript (and probably php) to do that properly, which your request sounds like you do not.
If you need to add a search engine without knowing javascript/php, then your best bet is probably to look into something like Google's Custom Search - https://support.google.com/customsearch/answer/2630969?hl=en
Setting it up sounds simple enough for someone who doesn't understand what the code is actually doing - all copy and paste. Don't do that with any old script on the web, though. There's plenty of dodgy ones out there!
I am new to web development and just trying to add spelling suggestion to a textarea. I really don't know what I am going to need for this, need to write the code myself or use a third party library etc. Can someone suggest me how to add this functionality to a simple HTML page containing a textarea. I want when I write a misspelled word in text area, some suggestions matching that word should appear in dropdown.
Well autocorrect in the web page can be achieved by JavaScript for sure.
There are some nice frameworks for this, probably you could see this:
https://github.com/sanisoft/jQuery-auto-correct
For only spellchecking (despite built-in browser checking):
http://www.javascriptspellcheck.com/JQuery_SpellCheck_Plugin
I'm in the process of reproducing some standalone HTML forms as pages in a CMS that uses FCKEditor by simply copying and pasting the relevant code into the editor.
But when I save and view the page, the HTML has been changed and the tag has been moved up to just below the open tag -- and not at the bottom of the form. This obviously renders all of the fields in the form, including the submit button, useless.
Is there a way to tell FCKEditor that I know what I'm doing and I don't need it to validate the HTML output?
Unfortunately this is a hosted CMS service (actually part of an email blast tool) so making changes to the configuration will mean I need to go through the company's support system, which is fine -- but they haven't been able to solve it for me yet, so I'm hoping to get the answers for them.
Thanks!
This is a bit of a difficult thing because as far as I know, it's not necessarily the WYSIWYG editors that "fix" "broken" HTML, it's the browsers' HTML editing engines themselves, and it's often near impossible to talk them out of doing this.
You'd have to show your exact source to get detailed feedback, but check out whether protectedSource is something for you. It's supposed to protect code that is covered by the regular expression you specify.
I'm not sure about FCKEditor, but you might want to consider switching to TinyMCE. TinyMCE allows you to both edit a list of allowed tags, and to turn off HTML validation off completely if you like.