inserting and displaying html formatting in input form

inserting and displaying html formatting in input form

craigmalcraigmal Posts: 3Questions: 3Answers: 0

The live editor examples allow html styling of a word(s) in a text field. Select a row, add <i> italic </>. The updated cell successfully displays the italic text. I created my .NET table using the generator package. When I add <i>italic</i> the updated field displays the code not the style. It returns <i>italic</>. I turned validation=false so visual studio will accept the html.

I suspect the problem results from using the generator package. Will I have the same problem using PHP?.

Answers

  • allanallan Posts: 63,519Questions: 1Answers: 10,473 Site admin

    No - you won't have the same issue in PHP. The problem here is the built in XSS protection. Microsoft's XSS library, which Editor uses, is really aggressive and will encode a lot of options that aren't really required to be encoded (basically any HTML).

    One option is to disable the XSS protection on input, and instead use a DataTables renderer to protect yourself on output. That can be done using the APIs as discussed in the Editor manual.

    Allan

This discussion has been closed.