I am using CKEditor for the user to enter text and I am saving the text to a DB.
Everything works fine except:
If the user enters "<script>alert('hello world');</script>" and clicks save, the following gets saved to the DB:
<p> <script>alert('Hello World');</script></p>
This is fine, however if the user brings the record back up and clicks save, it will then save as:
<p> <script>alert('Hello World');</script></p>
Now I noticed that the XHTML does not display anything in the editor. Something is inside the editor but appears as blank.
- How do I render the XHTML in the editor so that it displays as the user typed it?
In the ASPX page I have:
<td colspan="2">
<textarea cols="80" id="tbxEditor1" name="tbxEditor1" rows="10"><%= strTextBoxID %></textarea>
<script type="text/javascript">
CKEDITOR.replace( 'tbxEditor1' );
</script>
</td>
In the code behind I have:
strValue = Request.Form("tbxEditor1")
Re: Displaying text from DB
I set it to:
config.htmlEncodeOutput = true;
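
The save and reload round trip discussed in this thread, modelled as an added example that is not part of the original posts: it counts the HTML encode and decode steps between the editor, the DB and the textarea for four setups. The helper names, the option names and the sample input are assumptions made for the illustration, and the encoding is simplified to the three characters &, < and >.

```javascript
// Added example; helper names are hypothetical and the sample input is constructed.

// HTML-encode text: a simplified model of what config.htmlEncodeOutput does to the
// editor's output, and of a server-side HTML-encode call before writing into a page.
function htmlEncode(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// The browser decodes character references in <textarea> content exactly once.
// A single left-to-right pass, so "&amp;lt;" becomes "&lt;", not "<".
function htmlDecodeOnce(s) {
  const map = { lt: '<', gt: '>', amp: '&' };
  return s.replace(/&(lt|gt|amp);/g, (_, name) => map[name]);
}

// Returns the HTML the editor receives after one save and reload.
function reload(editorData, opts) {
  const posted = opts.htmlEncodeOutput ? htmlEncode(editorData) : editorData;
  const stored = opts.decodeOnSave ? htmlDecodeOnce(posted) : posted;
  const textareaMarkup = opts.encodeOnRender ? htmlEncode(stored) : stored;
  return htmlDecodeOnce(textareaMarkup);
}

// Constructed sample: editor data after the user types a script tag as text.
const typed = "<p>&lt;script&gt;alert('hello world');&lt;/script&gt;</p>";

const cases = {
  rawRender: { htmlEncodeOutput: false, decodeOnSave: false, encodeOnRender: false },
  encodedRender: { htmlEncodeOutput: false, decodeOnSave: false, encodeOnRender: true },
  balanced: { htmlEncodeOutput: true, decodeOnSave: true, encodeOnRender: true },
  doubleEncoded: { htmlEncodeOutput: true, decodeOnSave: false, encodeOnRender: true },
};

for (const [name, opts] of Object.entries(cases)) {
  const loaded = reload(typed, opts);
  const verdict = loaded === typed ? 'unchanged' : 'CHANGED';
  console.log(name.padEnd(14), verdict, loaded);
}
```

In the rawRender case the typed text comes back as a real script element instead of visible text, and in the doubleEncoded case the editor shows the markup itself as literal text; the content survives only when every encode step is matched by exactly one decode.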