I just found the tag contenteditable
and I'm using it in my projects.
What good practices should I follow regarding security, since this tag makes it possible to paste
anything in its original form, breaking the site in certain cases?
I use JavaScript, and I would like to guard mainly against defacing of the page.
A good practice is not to use it, in my opinion of course. I have discovered some case where it is better to use it than to use a textarea or input, which already serve to have the content edited? Think of the other side also: will an ordinary user know that he can click the contenteditable to edit it (and edit what?), when for him it will always seem like fixed text? I think the end user can barely use a text field the way I expect; imagine the problems there would be with a field of this type? – William Novak
@Williamnovak I agree that it is not good practice to use the attribute contenteditable, but it is for another reason: because there is no event onchange or something like that. The only way to detect if the text has been modified is by using requestAnimationFrame or setTimeout. – Klaider
If the page data is going to be sent to the server, then do content filtering to check that what is being sent respects the imposed standards. Then you don't have to worry about someone editing HTML or CSS, or anything else, because this will only be changed on the same PC as the edit.
– Murilo Melo
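
The two points raised in this thread (paste keeping its original form, and filtering what reaches the server) can be sketched as follows. This is an added example, not code from any of the posts above; the 500-character limit and the function names are assumptions chosen for illustration.

```javascript
// Added example (not from the thread). MAX_LEN and all helper names are
// assumptions made for illustration.
const MAX_LEN = 500; // assumed limit for the editable field

// Escape HTML-significant characters so stored text is rendered as text.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Server side: treat whatever the client sent as untrusted plain text.
// The client is expected to send el.textContent, but nothing here relies on it.
function filterSubmission(raw) {
  if (typeof raw !== 'string') return { ok: false, reason: 'not a string' };
  // Normalise line endings, then drop control characters except \n and \t.
  const text = raw
    .replace(/\r\n?/g, '\n')
    .replace(/[\u0000-\u0008\u000B-\u001F\u007F]/g, '')
    .trim();
  if (text.length === 0) return { ok: false, reason: 'empty' };
  if (text.length > MAX_LEN) return { ok: false, reason: 'too long' };
  return { ok: true, value: escapeHtml(text) };
}

// Browser side: force paste into a contenteditable element to be plain text,
// so copied markup and inline styles never enter the page's DOM.
function attachPlainTextPaste(el) {
  el.addEventListener('paste', (event) => {
    event.preventDefault();
    const text = event.clipboardData.getData('text/plain');
    const sel = el.ownerDocument.getSelection();
    if (!sel || sel.rangeCount === 0) return;
    const range = sel.getRangeAt(0);
    range.deleteContents();
    range.insertNode(el.ownerDocument.createTextNode(text));
    sel.collapseToEnd();
  });
}

// Only runs in a browser; under Node the filter functions can be used alone.
if (typeof document !== 'undefined') {
  document.querySelectorAll('[contenteditable]').forEach(attachPlainTextPaste);
}
```

The paste handler only improves the editing experience for the local user; the server-side filter is the control that decides what other visitors will see.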