A friend asked me a question, and I wanted to help, but in the end I thought it would be better to post the problem in order to get some advice.
Situation: let's say there is a Form embedding a kind of RichText item: DHTMLX RichText (https://dhtmlx.com/docs/products/dhtmlxRichText/). This RichText allows users to format their text, and the API function that retrieves the value of the RichText returns not only the text but also all the HTML tags that go with it. For example, values like:
"<p>TEST </p><p style=" text-align: center;">Line 1<br>Line 2</p><p><strong>END</strong></p>"
During the "process" of the Form, the text entered in the RichText is stored in an object like this (for example):
{
"identifier_1":"id_value_1",
"identifier_2":"id_value_2",
"uservalue": "richtextvalue"
}
where "richtextvalue" is the value of the RichText.
In addition, it is very possible that people who use that Form would also copy/paste text formatted in Word, and so we would get any kind of other tags from this action.
All this has to be passed to the DB via Ajax/JQuery and/or sent back from the DB to the Form.
Question: What is the best practice in order to "clean" the value from the RichText in order to avoid any trouble and always get a valid JSON string, but also keep the HTML tags?
Currently, I have tested with encodeURIComponent / decodeURIComponent, which seemed to work as expected in a few tests. But is it correct, or enough?
Thanks!
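
The situation described in the question, as an added example that is not part of the original post: it builds the post's object around a RichText value with `JSON.stringify`, compares that with hand-concatenated JSON, and checks what an `encodeURIComponent` / `decodeURIComponent` round trip does to the markup. The `wordPaste` value, the function names and the `/save` URL are constructed for illustration.

```javascript
// Added example; the object keys and the first sample value are taken from the post.
const richTextValue =
  '<p>TEST </p><p style=" text-align: center;">Line 1<br>Line 2</p><p><strong>END</strong></p>';
// Constructed Word-style paste: quoted attribute, backslash, newline, namespaced tag.
const wordPaste = '<p class="MsoNormal">C:\\docs\n<o:p>&nbsp;</o:p></p>';

// Serializer-built payload: JSON.stringify escapes quotes, backslashes and
// control characters inside the string, so the HTML needs no pre-encoding.
function buildPayload(userValue) {
  return JSON.stringify({
    identifier_1: "id_value_1",
    identifier_2: "id_value_2",
    uservalue: userValue,
  });
}

// Hand-concatenated payload, shown only to see where invalid JSON comes from.
function naivePayload(userValue) {
  return '{"identifier_1":"id_value_1","identifier_2":"id_value_2","uservalue":"' +
    userValue + '"}';
}

function isValidJson(text) {
  try { JSON.parse(text); return true; } catch (e) { return false; }
}

// Compare the approaches for one RichText value.
function checkValue(userValue) {
  const payload = buildPayload(userValue);
  return {
    naiveValid: isValidJson(naivePayload(userValue)),
    stringifyValid: isValidJson(payload),
    // The markup comes back character for character after a JSON round trip.
    roundTrip: JSON.parse(payload).uservalue === userValue,
    // encodeURIComponent/decodeURIComponent is reversible transport encoding:
    // every tag and attribute is still present afterwards, nothing is removed.
    uriUnchanged: decodeURIComponent(encodeURIComponent(userValue)) === userValue,
  };
}

console.log(checkValue(richTextValue));
console.log(checkValue(wordPaste));
// With jQuery the same string is sent as the request body:
//   $.ajax({ url: "/save", type: "POST", contentType: "application/json",
//            data: buildPayload(value) });   // "/save" is a placeholder URL
```

Valid JSON and clean markup are separate concerns: removing unwanted tags or attributes from pasted content is a filtering step (an allowlist HTML sanitizer such as DOMPurify is one option, named here as an assumption), applied before the stored HTML is rendered.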