Wikipedia:Reference desk/Archives/Computing/2021 November 17


November 17

Contenteditable attribute in HTML

The web application I am developing at work needs the user to be able to edit strings of text that are then stored in the database. The design of the UI shows that the user should be able to edit normal text "in place", without using a separate edit box.

From what I've found on the Internet, this could be done by placing the text in a div element with a "contenteditable" attribute set. But there are some questions.

I specifically want to avoid HTML or JavaScript injection. Whatever the user types into the element should stay as plain text and not interfere with the actual HTML elements. Is there a guarantee for this? Also, what happens if the content in the div element includes HTML elements to begin with? JIP | Talk 23:11, 17 November 2021 (UTC)

If code injection is a risk, the client's browser is broken. There is no hard guarantee that all web browsers out there behave as they should. But how is the user-supplied input transmitted from their browser to the server side? --Lambiam 16:08, 18 November 2021 (UTC)
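
An added example for the thread above, not part of either post: one way to keep contenteditable text plain is to escape the stored string when the div is built, read the edited value with textContent rather than innerHTML, and check it again on the server. All function names and sample strings here are hypothetical.

```javascript
// Added example; function names are hypothetical, sample strings are constructed.

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Server side: build the editable element from a stored string.
// Unescaped, any markup in the stored value would be parsed as real elements,
// which is what happens "if the content includes HTML elements to begin with".
function renderEditable(id, storedText) {
  return `<div id="${escapeHtml(id)}" contenteditable="true">` +
         `${escapeHtml(storedText)}</div>`;
}

// Browser side: read the edited value as text. Pasting into a contenteditable
// element can add child elements to the DOM; textContent returns only the
// characters, while innerHTML would return markup.
function readEditable(element) {
  return element.textContent;
}

// Server side: the submitted value is untrusted whatever the browser did.
// Normalise line endings, drop control characters, bound the length, and store
// the result as plain text (escaping happens on output, in renderEditable).
function acceptSubmission(raw, maxLength = 500) {
  if (typeof raw !== 'string') throw new TypeError('expected a string');
  const text = raw
    .replace(/\r\n?/g, '\n')
    .replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/g, '');
  if (text.length > maxLength) throw new RangeError('text too long');
  return text;
}

// Round trip with a constructed value that contains markup characters.
function roundTrip(submitted) {
  return renderEditable('title', acceptSubmission(submitted));
}
```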