HTML display issue

Hi guys

I dearly hope this is something you can help me with.

On my website I have a form (page1.asp) that allows my users to format their text with HTML code and add it to my database (SQL Server). To do this I use a tool developed by If you’re not familiar with Nicedit it basically transforms a standard box into a HTML editor where you can format text with html tags.

An example of the data that is stored in my database table can be seen below:

<h1 class="clear" itemprop="headline">Alan Pardew fires warning message to Manchester United ahead of crucial clash</h1><p class="lead">ALAN PARDEW insists he will not field a weakened side at Old Trafford tomorrow night.<br></p>

This works fine and my users can add their html code to my database table. I then query the data and display it on another asp page (page2.asp).

The problem I have is this, when my other asp page (page2.asp) displays my user’s HTML formatted text the HTML code, that is retrieved from the database table, itself is rendered and used by my actual page so any code that my users use can actually effect my entire page. So, if a tag is broken then it could potential corrupt the entire look of my page.

Ideally, I just want their HTML code to effect their text and not the other text or HTML elements on my page.

Is this possible? Any help would be fully appreciated.

Best regards

Rod from the UK

Only way I can think of would be for you to put the user entered html into an iframe and display it that way. There are definite downsides to that approach, but it’s the only way I can think of that the user entered content impact is contained in any way.

@PaulOB: Any obvious approaches I’m missing?

1 Like

My first thoughts would have been an iframe also or perhaps to have sanitised the data when it was collected to make sure it matches.

The shadow dom would be an answer if it was better supported.

Hi Guys

Thanks for your reply.

The only problem with the iFrame solution is that I would miss out on SEO benefit so it’s not really an option.



Then you are basically left with tidying up the html that you have received to make sure its correctly formatted.



Hi guys

If a user adds the following:

html test

then it will appear as this in my database:

<strong><font color="#ff3300">html test</strong>

The problem is that as the <font> tag is not closed it affects the rest of my page in that the remaining text is all red. Ideally, I just want their html coding (no matter how good or bad it is) it to affect their part of the page.

It would be great if I could just place their text in a <div> and their html code doesn’t affect anything outside it.

Any ideas? Any help would be fully appreciated.

Best regards

Rod from the UK

Not possible.

Users need to be more cautious or you will need to correct their mistakes for them.

Thanks guys

Looks like I need to go back to the drawing board!

Best regards

Rod from the UK

1 Like

might be a bit too simplistic but you could write a little bit of code to count opening < and closing > and then flag that as a record you need to check or perhaps stop it submitting until the user checks the formatting?

How much control do you want them to have. With CKeditor you can do a custom menu and lock down which controls the user has so you can reduce some of your error if you got rid of font colours etc.

1 Like

Hi Noppy

Thanks so much for your reply.

Your post has got me thinking of another way to approach this. Basically, I found a script that validates HTML tags and ensures that they are closed. I found the script here:

It works great but I need the script to do a little more that it currently does. I have outlined my issue in a separate post which can be viewed here:

Again, any help would be fully appreciated

Best regards

Rod from the UK

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.