
How to safely display a tag

edited Nov 15, 2019 11:05AM in Customer Portal 4 comments

Content

In my custom object, in one field I have the following code: <script>alert(1);</script>

I would like to present this in a contenteditable (https://developer.mozilla.org/en-US/docs/Web/API/HTMLElement/contentEditable) without triggering the alert (XSS in general), displaying <script>alert(1);</script> and not displaying &lt;script&gt;alert(1);&lt;/script&gt;

I've gone through htmlspecialchars_decode, html_entity_decode etc but I can't suss out what's needed

The way the data is stored is as such:

$objective = RNCPHP\objectives
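One way to get the literal tag shown without it running, as an added example that is not part of the original post or of the product's own API. It assumes the stored field may be either raw or already entity-encoded once; `decodeEntitiesOnce`, `escapeHtml`, `toSafeMarkup` and `renderInto` are hypothetical helper names.

```javascript
// Added example, not code from the original thread.
// Assumption: the stored value is either raw text or entity-encoded once.
const NAMED = new Map([["amp", "&"], ["lt", "<"], ["gt", ">"], ["quot", '"'], ["apos", "'"]]);
const ESCAPES = new Map([["&", "&amp;"], ["<", "&lt;"], [">", "&gt;"], ['"', "&quot;"], ["'", "&#39;"]]);

// Decode exactly one level of entities (the five basic names plus numeric forms).
// A Map is used so a name such as "constructor" cannot resolve via Object.prototype.
function decodeEntitiesOnce(s) {
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);/gi, (match, body) => {
    if (body[0] !== "#") return NAMED.has(body) ? NAMED.get(body) : match;
    const isHex = body[1].toLowerCase() === "x";
    const code = parseInt(body.slice(isHex ? 2 : 1), isHex ? 16 : 10);
    // Out-of-range or zero code points are left as written.
    return code > 0 && code <= 0x10ffff ? String.fromCodePoint(code) : match;
  });
}

// Encode text for an element body or a quoted attribute value.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (c) => ESCAPES.get(c));
}

// Server-side output: normalise to exactly one level of encoding, so the
// browser shows <script>...</script> as text instead of showing &lt;...&gt;
// (double encoding) or executing it (no encoding).
function toSafeMarkup(stored) {
  return escapeHtml(decodeEntitiesOnce(stored));
}

// Client-side output: textContent never parses its value as HTML, so the
// decoded string is displayed literally inside the contenteditable element.
function renderInto(el, stored) {
  el.textContent = decodeEntitiesOnce(stored);
  return el;
}
```

If the field is known to be stored raw, skip the decode step so that text which legitimately contains `&lt;` is not altered; in either case the decoded string must never be assigned to `innerHTML`.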
