开发者

Textareas and unsafe content

I've got wiki style content which is sanitized and stored in another field of the db for output as html. The original body field I'm not sure how to deal with as when I santize it characters are esc开发者_如何学编程aped and don't display well in the textarea.

What are the dangers of unsafe content in textareas? I'm sure I read previously that downloading such textarea content with ajax is preferable but I'd rather not go down that route if not necessary.


all HTML tag are no safe. by example if you close the textarea, you can add all nez HTML tag or what you want like JS. So it's exactly like inside a non textarea tag.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜