JavaScript
Isaac Clark, 2015-11-02 21:36:13

How to create an HTML editor in JavaScript?

Hello. A question.
If you create your own online HTML editor, and the user writes something like this in it:
<h1>Hello, World!</h1>
Then you need to render the markup, that is, show the text as an h1.
But the problem is that if the user writes the following:
<script>alert('xss')</script>
Then this code will naturally execute, which is not good.
One option: search for the script tag and replace its angle brackets with entities, or escape them.
But is this approach correct? Perhaps there are other options, or your suggestions would be much better than this?
Thanks for your help and your time.
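An added example, not code from the asker or from either answer: instead of hunting for the script tag and escaping only its brackets (a denylist, which misses every other way of reaching script execution), the usual defensive approach is an allowlist. Everything the user types is treated as text and escaped, except for a small set of tags and attributes that the editor explicitly permits, and even those are re-emitted from the parser's own data rather than copied through. The function names (sanitizeHtml, parseAttrs, safeUrl), the ALLOWED_TAGS table and the sample inputs are this example's own assumptions; it runs under Node without a DOM, so it uses a deliberately simple tokenizer rather than a full HTML parser.

```javascript
// Allowlist: tag name -> attributes that may survive on that tag.
// Anything not listed here is rendered as escaped text, never as markup.
const ALLOWED_TAGS = {
  h1: [], h2: [], p: [], b: [], i: [], em: [], strong: [],
  a: ['href'],
};

// Escape the characters that would let text be interpreted as markup.
function escapeHtml(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;')
          .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// Only absolute http(s)/mailto URLs, site-relative paths and fragments pass.
// An allowlist of schemes is used so that any other scheme (including any
// obfuscated spelling of one) is simply rejected. Protocol-relative "//host"
// links are excluded on purpose.
function safeUrl(v) {
  return /^(https?:\/\/|mailto:|\/(?!\/)|#)/i.test(v.trim());
}

// Parse the raw attribute text of a start tag into {name, value} pairs.
function parseAttrs(raw) {
  const attrs = [];
  const re = /([a-zA-Z_:][-a-zA-Z0-9_:.]*)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(raw)) !== null) {
    attrs.push({ name: m[1].toLowerCase(), value: m[2] ?? m[3] ?? m[4] ?? '' });
  }
  return attrs;
}

// Convert untrusted editor input into HTML that only contains allowed markup.
function sanitizeHtml(input) {
  const out = [];
  const open = [];             // stack of currently open allowed tags
  // Simplification: a '>' inside a quoted attribute value ends the tag early;
  // the remainder then falls through to text and is escaped, which is still safe.
  const tagRe = /<\/?([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
  let last = 0;
  let m;
  while ((m = tagRe.exec(input)) !== null) {
    out.push(escapeHtml(input.slice(last, m.index)));   // text before the tag
    last = tagRe.lastIndex;
    const name = m[1].toLowerCase();
    const closing = m[0][1] === '/';
    if (!(name in ALLOWED_TAGS)) {
      out.push(escapeHtml(m[0]));   // not allowed: show the tag literally as text
      continue;
    }
    if (closing) {
      if (open.includes(name)) {    // close down to the matching open tag
        let n;
        do { n = open.pop(); out.push(`</${n}>`); } while (n !== name);
      }
      continue;                     // stray closing tags are dropped
    }
    const keep = parseAttrs(m[2]).filter(a =>
      ALLOWED_TAGS[name].includes(a.name) && (a.name !== 'href' || safeUrl(a.value)));
    const attrText = keep.map(a => ` ${a.name}="${escapeHtml(a.value)}"`).join('');
    out.push(`<${name}${attrText}>`);  // re-emit from parsed data, not user bytes
    open.push(name);
  }
  out.push(escapeHtml(input.slice(last)));
  while (open.length) out.push(`</${open.pop()}>`);   // close anything left open
  return out.join('');
}

// Constructed sample inputs: the two lines from the question plus two edge cases.
const SAMPLES = [
  '<h1>Hello, World!</h1>',
  "<script>alert('xss')</script>",
  '<a href="https://example.com" onclick="x()">link</a>',
  '<b>unclosed text with 1 < 2',
];
for (const s of SAMPLES) console.log(JSON.stringify(s), '=>', sanitizeHtml(s));
```

The asker's h1 comes through untouched, the script example is displayed literally instead of being executed, the onclick attribute is dropped while the https link survives, and an unclosed tag is closed so it cannot swallow the rest of the page. Text is re-escaped unconditionally, so a user who types `&amp;` will see it double-escaped; a production editor would decode entities in text nodes first, and would more likely use a browser-side sanitizer library or the platform's parser than a hand-written tokenizer.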


2 answer(s)
Adamos, 2015-11-02
@Adamos

And what if the user types the same command into the console and it runs in his own browser? Horror of horrors!

keslo, 2015-11-02
@keslo

<script>alert('xss')</script>
So this is what an XSS attack on a site looks like! Thanks, now I know.
