Unwanted characters using jquery + php


I have a small problem when I use the jQuery append to display elements returned from a PHP query.

Note: this is not the full append; it is a bit long and I only put in the part I need you to see.

$("#topics").append('<div class="topic_sumario">'+dados.sumario+'</div>')

The summary is a field in my topics table that is added and edited with a textarea using TinyMCE. The problem is that when the append displays the summary, it shows all the HTML tags coming from TinyMCE, for example:

[screenshot of the rendered summary]

It's as if it doesn't recognize the tags and displays everything as a string.

I want it to recognize all the formatting TinyMCE does, such as bold, italic, or the embed of a video, etc., but the way it is now it won't work.

  • What does console.log(dados.sumario); show? What information is actually stored in the database table?

  • In the database everything is stored in utf8: "&#60;p&#62;test of &#60;Strong&#62;tags&#60;/Strong&#62;&#60;/p&#62;", and the console.log displays exactly what is in the database @Isac

  • &#60; is the same thing as &lt;, so it is just the representation of the character < and not the character itself. If you want, you can literally replace what comes from the database with replace, but be careful, because that can be dangerous when it comes to XSS attacks, assuming it is the user who inserts data into this table.

  • But what are my options then, beyond that? @Isac

  • The reason the characters are stored as &lt; and &gt; instead of < and > is precisely to prevent such attacks. If you are sure that you only have non-dangerous tags in the data (<script> would be one of the dangerous ones), then it is safe to do $("#topics").append('<div class="topic_sumario">'+dados.sumario.replace(/&#60;/g, '<').replace(/&#62;/g, '>') +'</div>')

  • Didn't the answer below solve it?

  • Actually, I forgot to mark it as resolved.


1 answer


Use this native PHP function: html_entity_decode()

Example:

<?php
    // Decode the numeric entities (&#60; = "<", &#62; = ">") back into real characters
    echo html_entity_decode('&#60;p&#62;teste de &#60;strong&#62;tags&#60;/strong&#62;&#60;/p&#62;');

    // Raw output: <p>teste de <strong>tags</strong></p>
    // A browser renders that as: teste de tags (with "tags" in bold)

I recommend that you read the function's documentation, because there are other extremely important parameters to pass: they define the charset of the conversion and how quotation marks and apostrophes are treated.
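Whether the entities are decoded server-side with html_entity_decode() or client-side with replace(), the result is raw HTML that ends up in .append(), so the decoding step has to be followed by sanitization. The example below is added here and is not code from the question or the answer: it decodes the entity-encoded summary in the browser and then restores only a small allowlist of attribute-free formatting tags, so a <script> element or a strong onmouseover=... attribute stays escaped and is displayed as text. The function names, the allowlist and the sample strings are assumptions for this example.

```javascript
// Added example (not from the original question or answer): decode the
// entity-encoded HTML that TinyMCE/PHP stored, then reduce it to a small
// allowlist of formatting tags before it is appended to the page.
// decodeEntities/sanitizeTinyMceHtml and the sample strings are assumptions.

// Named entities we expect in stored summaries; anything else is left as-is.
const NAMED_ENTITIES = { lt: '<', gt: '>', amp: '&', quot: '"', apos: "'", nbsp: '\u00a0' };

// Step 1: turn &#60;, &#x3C;, &lt; ... back into the characters they stand for.
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (match, body) => {
    if (body[0] === '#') {
      const hex = body[1].toLowerCase() === 'x';
      const cp = hex ? parseInt(body.slice(2), 16) : parseInt(body.slice(1), 10);
      return Number.isFinite(cp) && cp <= 0x10ffff ? String.fromCodePoint(cp) : match;
    }
    const value = NAMED_ENTITIES[body.toLowerCase()];
    return value === undefined ? match : value;
  });
}

// Step 2: escape everything again, so nothing in the string is markup any more.
function escapeHtml(s) {
  return s.replace(/[&<>"]/g, (c) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;' }[c]));
}

// Step 3: restore only bare formatting tags with no attributes. A tag that
// carries attributes (onmouseover=..., href=..., src=...) never matches the
// pattern, so it stays escaped and is shown as literal text, not executed.
const ALLOWED_TAGS = 'p|br|strong|b|em|i|u|ul|ol|li';
const ALLOWED_TAG_RE = new RegExp('&lt;(\\/?)(' + ALLOWED_TAGS + ')\\s*\\/?&gt;', 'gi');

function restoreAllowedTags(escaped) {
  return escaped.replace(ALLOWED_TAG_RE, (m, slash, name) => '<' + slash + name.toLowerCase() + '>');
}

// Decode -> escape -> restore allowlist: the output can only contain the
// tags in ALLOWED_TAGS (without attributes) plus entity-escaped text.
function sanitizeTinyMceHtml(stored) {
  return restoreAllowedTags(escapeHtml(decodeEntities(stored)));
}

// Constructed sample values, modelled on what the comments say the table holds.
const SAMPLE_FROM_DB = '&#60;p&#62;test of &#60;Strong&#62;tags&#60;/Strong&#62;&#60;/p&#62;';
const SAMPLE_HOSTILE =
  '&#60;p&#62;hi&#60;/p&#62;&#60;script&#62;alert(1)&#60;/script&#62;' +
  '&#60;strong onmouseover=alert(1)&#62;x&#60;/strong&#62;';

// In the page this would be:
//   $("#topics").append('<div class="topic_sumario">' + sanitizeTinyMceHtml(dados.sumario) + '</div>');
console.log(sanitizeTinyMceHtml(SAMPLE_FROM_DB));
console.log(sanitizeTinyMceHtml(SAMPLE_HOSTILE));
```

Because step 2 escapes the whole string first, the allowlist is enforced by construction rather than by trying to spot bad tags. The price is that anything needing attributes, such as the video embed (an iframe with a src) or a link, is dropped and shown as text; for that, use a real HTML sanitizer such as DOMPurify with an explicit allowlist of tags and attributes, not a wider regex.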
