
I have a forum where any user can write articles. The forum is powered by aloha editor for user input. It has one page for editing and another page for display. But the problem arises when a user tries to input html code.

Suppose a user writes a header tag

`<h1>header</h1>`

it is outputting

Header

Instead of that I want to output

`<h1>Header</h1>`

Any suggestions?

Neenu

4 Answers

When the user submits the article, you need to use htmlentities (PHP htmlentities) before rendering it back.

Pankaj Garg

You should escape the html code, for example you should use:

`&lt;h1&gt;Header&lt;/h1&gt;`

Instead of

`<h1>Header</h1>`

chiwangc
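Putting the two answers above together, as an added example that is not from any answer on this page: store the article raw, escape it once at output time, and do not escape data that is already escaped. The function name `escapeForDisplay` and the sample article are my own; the flags and the `double_encode` parameter are those of PHP's `htmlspecialchars()`.

```php
<?php
declare(strict_types=1);

// Escape a string so the browser displays every HTML metacharacter literally.
// $alreadyEscaped = true tells PHP not to re-encode entities such as &amp; that
// are already present (the double_encode parameter of htmlspecialchars).
function escapeForDisplay(string $text, bool $alreadyEscaped = false): string
{
    return htmlspecialchars(
        $text,
        ENT_QUOTES | ENT_SUBSTITUTE,  // escape ' and "; replace invalid UTF-8 with U+FFFD
        'UTF-8',
        !$alreadyEscaped              // double_encode
    );
}

// Constructed sample article, stored exactly as the user typed it (raw markup).
$article = "<h1 class=\"big\">Tom & Jerry's</h1>";

// Wrong: echoing the raw markup lets the browser render it as a heading.
// echo $article;   // reader sees a big "Tom & Jerry's", not the tags

// Right: escape once, at output time, on the display page.
$once = escapeForDisplay($article);
echo $once, PHP_EOL;
// &lt;h1 class=&quot;big&quot;&gt;Tom &amp; Jerry&#039;s&lt;/h1&gt;

// Pitfall: escaping a second time (the editor page already stored the escaped
// form and the display page escapes again) makes the reader see "&lt;h1&gt;".
echo escapeForDisplay($once), PHP_EOL;
// &amp;lt;h1 class=&amp;quot;big&amp;quot;&amp;gt;Tom &amp;amp; Jerry&amp;#039;s&amp;lt;/h1&amp;gt;

// If the stored copy is already escaped, leave the existing entities alone.
echo escapeForDisplay($once, true), PHP_EOL;
// &lt;h1 class=&quot;big&quot;&gt;Tom &amp; Jerry&#039;s&lt;/h1&gt;

// htmlentities() additionally converts non-ASCII characters; htmlspecialchars()
// only touches & < > " ', which is all that is needed to show tags literally.
echo htmlentities('café', ENT_QUOTES, 'UTF-8'), ' vs ',
     htmlspecialchars('café', ENT_QUOTES, 'UTF-8'), PHP_EOL;
// caf&eacute; vs café
```

Pick one place to escape (the display page) and keep the stored article raw; escaping in both the editor and the display page is what produces entity text like `&lt;h1&gt;` on screen.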

I'm sorry but I'm afraid my answer will not be the best, I know there are some better techniques to attain this one (using what @chiwangc says) but if you ever get stuck you can use what I am thinking.

Just place the html code that you want to output in a 'textarea' (you may want to disable it) like

`<textarea><h1>Header</h1></textarea>`

Note! This was just your alternative but if it satisfies you, then cheers.

Hope it helps.

HTTP
  • The worst part is that aloha editor uses so many built-in html tags; when I am using this, the browser is echoing out all the html special characters. – Neenu Aug 12 '14 at 03:35

I don't know what aloha editor is, but you absolutely should check user input for security-break attempts (js-includes, sql-injects, etc...). For example it may be a function like this one, which I used in one of my projects:

```php
function filterMsg($m){
    // Undo URL encoding and added backslashes, then strip surrounding whitespace
    $m=trim( stripslashes( urldecode($m) ) );
    // Escape every HTML metacharacter (including quotes) so tags are shown literally
    $m=htmlentities( $m, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    // Collapse runs of whitespace into a single space
    $m=preg_replace( '/[\\s\\t]+/iu', ' ', $m );
    // Turn runs of two or more whitespace/pipe characters into one '|' line-break marker
    $m=preg_replace( '/[\\s\\|]{2,999}/iu', '|', $m);
    // Join short fragments (up to 40 chars) onto one line instead of breaking after them
    $m=preg_replace( '/([^\\|]{1,40})[\\|]+/iu', '$1 ', $m);
    // Render the remaining markers (and any surviving newlines) as <br>
    $m=str_replace( '|', '<br>', $m);
    $m=str_replace( "\n", '<br>', $m);
    return $m;
}
```

But if you simply want to show unparsed content you can use `<xmp></xmp>` html tags.

Markus_13