I dearly hope this is something you can help me with.
On my website I have a form (page1.asp) that allows my users to format their text with HTML code and add it to my database (SQL Server). To do this I use a tool developed by Nicedit.com. If you’re not familiar with Nicedit, it basically transforms a standard box into an HTML editor where you can format text with HTML tags.
An example of the data that is stored in my database table can be seen below:
<h1 class="clear" itemprop="headline">Alan Pardew fires warning message to Manchester United ahead of crucial clash</h1><p class="lead">ALAN PARDEW insists he will not field a weakened side at Old Trafford tomorrow night.<br></p>
This works fine and my users can add their html code to my database table. I then query the data and display it on another asp page (page2.asp).
The problem I have is this: when my other ASP page (page2.asp) displays my user’s HTML-formatted text, the HTML code that is retrieved from the database table is itself rendered and used by my actual page, so any code that my users use can actually affect my entire page. So, if a tag is broken then it could potentially corrupt the entire look of my page.
Ideally, I just want their HTML code to affect their text and not the other text or HTML elements on my page.
Is this possible? Any help would be fully appreciated.
Only way I can think of would be for you to put the user entered html into an iframe and display it that way. There are definite downsides to that approach, but it’s the only way I can think of that the user entered content impact is contained in any way.
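The iframe approach suggested in the reply above, as an added example that is not part of the original thread: the stored HTML is placed in the `srcdoc` attribute of an `<iframe sandbox>`, so an unclosed tag is parsed inside the frame's own document and cannot restyle the host page, and the empty `sandbox` attribute also keeps any script in the stored HTML from running. The function names and the sample record are hypothetical.

```javascript
// Added example: contain stored user HTML in a sandboxed iframe.
// escapeAttr, renderUserHtml and the sample record are hypothetical names/data.

// Escape a string so it can sit inside a double-quoted HTML attribute.
// The browser decodes these references again when it reads srcdoc.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Build the markup that page2.asp would emit for one database record.
// The user's HTML becomes a separate document, so broken tags stay inside it.
function renderUserHtml(storedHtml, title) {
  const doc =
    '<!doctype html><meta charset="utf-8"><body>' + storedHtml + '</body>';
  return (
    '<iframe sandbox title="' + escapeAttr(title) + '"' +
    ' srcdoc="' + escapeAttr(doc) + '"' +
    ' style="width:100%;border:0"></iframe>'
  );
}

// Constructed sample: an unclosed <font> tag like the one described in the thread.
const sample = '<p class="lead"><font color="red">Match report</p>';
const markup = renderUserHtml(sample, 'User article');
console.log(markup);
```

One of the downsides the reply mentions shows up here: the frame does not grow to fit its content, so the host page has to give it a height.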
The problem is that as the <font> tag is not closed it affects the rest of my page in that the remaining text is all red. Ideally, I just want their html coding (no matter how good or bad it is) to affect their part of the page.
It would be great if I could just place their text in a <div> and their html code doesn’t affect anything outside it.
Might be a bit too simplistic, but you could write a little bit of code to count opening < and closing > and then flag that as a record you need to check, or perhaps stop it submitting until the user checks the formatting?
How much control do you want them to have? With CKeditor you can do a custom menu and lock down which controls the user has, so you can reduce some of your error if you got rid of font colours etc.
Your post has got me thinking of another way to approach this. Basically, I found a script that validates HTML tags and ensures that they are closed. I found the script here: