TechQA.

How to show the content from RichTextArea.getHMTL() in a div properly?

184 views Asked by At

If pasting an image into RichTextArea,then.getHTML(),it will return a escaped html string like this:

"<img src="http://www.example.com/images/n1.png" border="0" height="75" width="199">"

then if 

div.setInnerHTML(escaped html string),

it will be shown as plain html:

<img src="http://www.example.com/images/n1.png" border="0" height="75" width="199">

not expected result:an image,and other html content has this issue,for example,if inputing this content to RichTextArea:

<script>alert("evil xss");</script>

then getHTML() will return:

<script>alert("evil xss");</script>

and then div.setInnertHTML(escapted html),it will be shown as

&lt;script&gt;alert("evil xss");&lt;/script&gt;

not expected content:

<script>alert("evil xss");</script>

So,how to show them properly?

gwt xss richtextarea
Original Q&A
1

There are 1 answers

3
Alex Rogachevsky On

Use HTML (which is rendered as div) and assign it as SafeHtmlString.

Related Questions in GWT

Related Questions in XSS

Related Questions in RICHTEXTAREA

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions