
</textarea> could be a problem

Anonymous
2010-07-27
2013-04-29
  • Anonymous

    Anonymous - 2010-07-27

    The "</textarea>" tag could be a problem; you might want to use htmlspecialchars in file.php.

    When you are editing an HTML file which contains </TEXTAREA>, the content of the file is not escaped, so, as you can easily guess, the editing textarea is closed and the HTML code after the end tag is displayed on the page (and some JavaScript can be executed too).

    I am just amazed that something like that is possible. Does nobody ever use TEXTAREAS??

     
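The breakout described in the post above, shown as an added example (not code from the original thread or from the project): a constructed file whose contents include a closing `</TEXTAREA>` tag, rendered once raw and once through htmlspecialchars(). The function names (`render_editor_unsafe`, `render_editor_safe`, `textarea_is_intact`) and the sample content are assumptions made for this example.

```php
<?php
// Added example, not part of the original thread. Function names and the
// sample file content below are constructed for illustration.

// Constructed file content: an HTML fragment that itself contains a closing
// </TEXTAREA> tag, which is exactly the case the thread describes.
$file_content = "<p>hello</p>\n</TEXTAREA><p>this text lands outside the editor</p>";

// Vulnerable rendering: the content is echoed raw, so the first </TEXTAREA>
// inside the file closes the editor's textarea and everything after it is
// parsed as page markup.
function render_editor_unsafe(string $content): string
{
    return '<textarea name="content">' . $content . '</textarea>';
}

// Hardened rendering: htmlspecialchars() turns <, >, &, " and ' into entities,
// so the browser displays the tag text literally inside the textarea and only
// the template's own </textarea> closes it. ENT_QUOTES also makes the result
// safe inside double- or single-quoted attributes; the charset argument must
// match the page's declared encoding (UTF-8 here).
function render_editor_safe(string $content): string
{
    $escaped = htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<textarea name="content">' . $escaped . '</textarea>';
}

// Regression check for a template test: the rendered editor must contain
// exactly one closing </textarea>, the one the template appended. Matched
// case-insensitively because browsers treat </TEXTAREA> the same way.
function textarea_is_intact(string $html): bool
{
    return preg_match_all('~</textarea\s*>~i', $html) === 1;
}

// Raw rendering fails the check; escaped rendering passes it.
var_dump(textarea_is_intact(render_editor_unsafe($file_content)));
var_dump(textarea_is_intact(render_editor_safe($file_content)));
```

htmlentities(), suggested in the next reply, also works here: it encodes every character that has a named entity, whereas htmlspecialchars() encodes only the five characters that matter for HTML structure. Either is sufficient for keeping a `</textarea>` in the data from being parsed as markup, as long as the charset passed to the function matches the page's actual encoding.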
  • frostbitten

    frostbitten - 2010-09-27

    This is definitely a job for htmlentities()!

     
  • frostbitten

    frostbitten - 2010-09-27

    I use it in my attributes stripper. Very simple code.
    http://matthewseremet.com/apps/stripper.php

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" 
       "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
        <meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
        <title>Matt's App: Remove all 'X' attributes.</title>
    </head>
    <body>
    <p><a href="stripper.php"> Reset all </a></p>
    <?php
    // Undo magic_quotes_gpc if the old PHP still has it enabled. The function
    // was removed in PHP 8, so guard the call with function_exists() to avoid
    // a fatal error on current versions; the body only runs on old PHP.
    if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $in = array(&$_GET,&$_POST,&$_COOKIE);
        while(list($k,$v) = each($in)) {
            foreach($v as $key=>$val) {
                if(!is_array($val)) $in[$k][$key] = stripslashes($val);
                else $in[] =& $in[$k][$key];
            }
        }
        unset($in);
    }
    // Encode both inputs before they are echoed back into the textarea and
    // the value="" attribute; ENT_QUOTES covers single quotes as well.
    if(isset($_POST['markup']) and isset($_POST['attributes']))
    {
        $attr = htmlentities($_POST['attributes'], ENT_QUOTES, 'UTF-8');
        $input = htmlentities($_POST['markup'], ENT_QUOTES, 'UTF-8');
        
    } else {
        $input = "Input markup goes here... Paste it all.";
        $attr = "attributes, comma, delimited";
        
    }
    ?>
        
    <form action="stripper.php" method="post">
    <div>
    <textarea name="markup" rows="10" cols="70"><?php echo $input; ?></textarea><br/>
    <input type="text" name="attributes" value="<?php echo $attr; ?>" size="70"/>
    <input type="submit" value="Remove!" /></div>
    </form>
    <?php
    if(isset($_POST['markup']) and isset($_POST['attributes']))
    {
        $attr = explode("," , $attr);
        
        $output = $input;
        
        foreach ($attr as $value)
        {
            $value = trim($value);
            // The attribute name comes from the user, so quote it for the
            // regex; otherwise regex metacharacters in the name change the
            // pattern. Values are matched as &quot;...&quot; because the
            // markup was already run through htmlentities().
            $value = preg_quote($value, "/");
            $output = preg_replace("/ $value=(&quot;(.*?)&quot;)/", "", $output);
        }
        ?>
        <hr/>
        <form action="#">
            <div>
                <textarea name="output" rows="10" cols="70"><?php echo $output; ?></textarea>
            </div>
        </form>
        <?php
    }
    ?>
    <hr />
      <p>
        <a href="http://validator.w3.org/check?uri=referer"><img
            src="http://www.w3.org/Icons/valid-xhtml11"
            alt="Valid XHTML 1.1" height="31" width="88" /></a>
      </p>
    </body>
    </html>
    
     
