0

I need to be able to store formatted HTML inside data attribute later to be picked-up by jQuery in two formats:

  1. HTML
  2. Plain text

With my PHP I store HTML like this:

echo '<li data-desc="'. htmlspecialchars($myHTMLdescription) .'" class="myTerm">'. stripslashes($myItem) .'</li>';

Later I use JS to get the values:

$(document).on('click', '.myTerm', function() {
    var thisTerm    = $(this).text();
    var description = $(this).attr('data-desc');
    var descNoHTML = description.text();
});

descNoHTML seems to be breaking code if there are HTML elements like links inside the text.

santa
  • 12,234
  • 49
  • 155
  • 255
  • Can you provide a sample of `$myHTMLdescription` that breaks it? How does it break, error message, display, JS functionality, etc? – chris85 Oct 04 '16 at 19:56
  • As I can see you are getting your `html` from the `data-desc` and of course if you do description.text() the code is breaking because you probably will get the text of the first available html element which has a text inside it. You can not convert an `html` to text(). This function is not made for this purpose. – Franco Oct 04 '16 at 20:01

3 Answers3

0

Decode the encoded string using js

function decodeEntities(encodedString) {
    var textArea = document.createElement('textarea');
    textArea.innerHTML = encodedString;
    return textArea.value;
}
$(document).on('click', '.myTerm', function() {
    var thisTerm    = $(this).text();
    var description = $(this).attr('data-desc');
    description  = decodeEntities(description );
    var descNoHTML = description.text();
});

Before asking any question directly, you should try to search for the same. There might be answer of your question. I think this link is helpful for you.

Community
  • 1
  • 1
Ahmad Asjad
  • 825
  • 1
  • 8
  • 29
0

htmlspecialchars is for escaping characters in the main part of the HTML. For example, <, > and & are special characters in HTML. They can be escaped as &lt;, &gt; and &amp;, respectively.

But the double-quotes for an attribute are a completely different environment. <>& are not special characters. The only special character is ". See https://www.w3.org/TR/html-markup/syntax.html#syntax-attributes . Actually I hadn't realised until now that you can't escape double-quotes, but that's what the spec says. So if you want to do it properly you'll have to escape them yourself, using an encoding of your choice, then unescape them when you read the attribute.

We can't use \" for ", because " isn't allowed at all. Let's encode " as %q. Then % is a special character, so let's encode it as %p. Your line of PHP then becomes:

$myEscapedHTMLdescription = str_replace(array('%', '"'), array('%p', '%q'), $myHTMLdescription);
echo '<li data-desc="'. $myEscapedHTMLdescription .'" class="myTerm">'. stripslashes($myItem) .'</li>';

See http://php.net/manual/en/function.str-replace.php . Then in the javascript you have to decode it:

var description = $(this).attr('data-desc')
    .replace(/%q/g, '"')
    .replace(/%p/g, '%');

This is mostly untested (I don't have PHP installed here), so there may be typos.

David Knipe
  • 3,417
  • 1
  • 19
  • 19
-1

try:

var descNoHTML = $(description).text();
Running Buffalo
  • 1,243
  • 2
  • 9
  • 17