Quotes in HTML snippets

  • wald

    Quotes in HTML snippets

    Hi group,

    I've set up an agenda-like system where "admins" can enter upcoming
    events, including a description of the event. This description can
    include HTML formatting and is entered in a <textarea>.

    The problem I'm facing is this: suppose an "admin" enters a description,
    but one of the attributes of a HTML tag doesn't have a closing double
    quote.
    An example:

    <div class="summarydiv>
    Short admin-written summary of the event...
    </div>

    Now, they submit the event. The page that lists the events just picks
    this description up from the database and puts it in a <ul> list. Of
    course, the unmatched quote causes _all_ subsequent HTML code to be
    considered part of the description, until by chance a next double quote
    is encountered. You can imagine this gives horrible and unpredictable
    results for the news page.

    I'm thinking of a few possibilities to solve this:
    * some sort of a regex check on the description, before it is submitted
    to the DB
    * simply counting the number of double quotes between < > delimiters,
    the number should be even
    * ...?

    What do you experts think? Any suggestions?

    Thanks in advance,
    Wald
  • John Dunlop

    #2
    Re: Quotes in HTML snippets

    wald wrote:
    > I've set up an agenda-like system where "admins" can enter upcoming
    > events, including a description of the event. This description can
    > include HTML formatting and is entered in a <textarea>.

    OT: forget "HTML formatting" -- there's no such thing.

    > The problem I'm facing is this: suppose an "admin" enters a description,
    > but one of the attributes of a HTML tag doesn't have a closing double
    > quote.

    [ ... ]

    > I'm thinking of a few possibilities to solve this:
    > * some sort of a regex check on the description, before it is submitted
    > to the DB

    AIUI regular expressions alone can't accomplish that.

    > * simply counting the number of double quotes between < > delimiters,
    > the number should be even

    No, that won't work either. There's no requirement in HTML for a
    start-tag to contain an even number of double quotes.

    [ ... ]

    > What do you experts think? Any suggestions?

    I suggest you reconsider interpreting the data as HTML. What happens
    when a naughty "admin" (I suppose the quotes are necessary) enters
    <IMG src="http://domain.example/rudepic">?

    If you insist though, consider using a parser to catch those syntax
    errors; apparently HTML Tidy, http://www.w3.org/People/Raggett/tidy/ ,
    can flag missing quote marks. Catching semantic mistakes might be
    harder.

    Have a great weekend sir!

    --
    Jock
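
Added example, not part of either post: a Python lint that walks the attributes of each start tag the way a tokenizer does, so a description with a broken attribute quote can be rejected before it is stored, with the quote-counting check from the question alongside for comparison. The function names, messages and the rule that flags `<` or `>` inside a quoted value are assumptions of this example (that rule is stricter than HTML itself), and the sample inputs are constructed.

```python
import re

TAG_OPEN = re.compile(r"<([A-Za-z][A-Za-z0-9]*)")
ATTR_NAME = re.compile(r"[^\s\"'<>/=]+")
GAP = re.compile(r"[\s/]*")            # whitespace or '/' between attributes
WS = re.compile(r"\s*")
UNQUOTED = re.compile(r"[^\s>\"']*")   # unquoted value; stops at a stray quote
def quote_count_is_even(fragment):     # the counting idea from the question
    return all(c.count('"') % 2 == 0 for c in re.findall(r"<[^>]*>", fragment))

def lint_attribute_quotes(fragment):
    """Return [(offset, tag, message)] for start tags with broken quoting."""
    problems, pos, n = [], 0, len(fragment)
    while m := TAG_OPEN.search(fragment, pos):
        start, tag, i = m.start(), m.group(1), m.end()
        while True:
            i = GAP.match(fragment, i).end()
            if i == n:
                problems.append((start, tag, "tag is never closed with '>'"))
                return problems
            if fragment[i] == ">":
                i += 1
                break
            name = ATTR_NAME.match(fragment, i)
            if not name:               # a quote, '<' or '=' where a name should start
                problems.append((start, tag, f"stray {fragment[i]} in attribute list"))
                break
            attr, i = name.group(), WS.match(fragment, name.end()).end()
            if i == n or fragment[i] != "=":
                continue               # attribute without a value
            i = WS.match(fragment, i + 1).end()
            if i == n or fragment[i] not in "\"'":
                i = UNQUOTED.match(fragment, i).end()
                continue
            quote, end = fragment[i], fragment.find(fragment[i], i + 1)
            if end == -1:              # the value swallows the rest of the input
                problems.append((start, tag, f"{attr}: opening {quote} is never closed"))
                return problems
            if re.search("[<>]", fragment[i + 1:end]):  # assumed policy, stricter than HTML
                problems.append((start, tag, f"{attr}: '<' or '>' inside quoted value"))
            i = end + 1
            if i < n and fragment[i] not in " \t\r\n/>":
                problems.append((start, tag, f"{attr}: no space after closing {quote}"))
        pos = i
    return problems

# Constructed samples: modelled on the question's snippet, then a valid tag with one '"'
BROKEN = '<div class="summarydiv>\nShort admin-written summary of the event...\n</div>'
VALID_ODD = "<p title='5\" nail'>ok</p>"
```

Reject or re-prompt when the returned list is non-empty. A clean result covers quoting only and says nothing about which tags or URLs the snippet contains.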
