0

I am attempting to store HTML tags that contain "" and '' in a html inputs value but this escapes the HTML inputs value and displays the HTML on the page rather than being stored in the inputs value for me to then submit.

What is happening is that the "" and '' inside the HTML tag is closing the existing "" and '' causing the issue.

I have tried using escape and adding slashes neither solution works.

<input type="hidden" name="name" id="id1" value="<p><span style="font-family:'Noto Sans JP';">Enter text here.</span></p>"/>
David Benz
  • 49
  • 6
  • add a `\\` (backslash)? can you show the code? – depperm Sep 15 '21 at 15:14
  • 1
    Please show your code. – Ry- Sep 15 '21 at 15:14
  • alternate "" and '', i.e. a.innerHTML = "
    "     – yih613 Sep 15 '21 at 15:15
  • _"and stack overflow is not letting me paste an example since it is also escaping the string im trying to type."_ - not if you properly format it as code. https://meta.stackoverflow.com/questions/251361/how-do-i-format-my-code-blocks – CBroe Sep 15 '21 at 15:17
  • 1
    Write the double quotes as their HTML entity counterpart instead, `"`. And `<` and `>` should rather not occur there directly either, but be replaced with `<` and `>`. (If you are creating this output on the server side in PHP, the correct function to take care of this would be `htmlspecialchars`.) – CBroe Sep 15 '21 at 15:19
  • [HTML attributes](https://html.spec.whatwg.org/multipage/syntax.html#attributes-2) do not support backslash escaping. You can use [character references](https://html.spec.whatwg.org/multipage/syntax.html#character-references) inside attribute values (but not attribute names) to include any special characters except for ASCII carriage return. You can include double quotes inside single quoted attribute values and vice versa. Note that unquoted attribute values have been frowned upon for so long that they mostly go unused. – traktor Sep 16 '21 at 02:04
  • @traktor how would the CR (or LF) be a problem? It might not make the most sense for plain text fields, maybe, but if you wanted to submit a given text using a hidden field, then putting a ` ` or ` ` into the value for line breaks works fine. – CBroe Sep 16 '21 at 06:53
  • I'm quoting from the standards: the paragraph after *[Character references](https://html.spec.whatwg.org/multipage/syntax.html#character-references)`>`Hexadecimal numeric character reference* states "The numeric character reference forms described above are allowed to reference any code point excluding U+000D CR, noncharacters, and controls other than ASCII whitespace". ASCII LF is recognized as white space so it should be ok. When in doubt test the attribute on an element and inspect it in console tools to see how the browser parsed it. – traktor Sep 16 '21 at 08:13

0 Answers0