Display Html Like <script> Without Executing It Or Handle User's Input Differently?

Dear all,

I am using both a plain textarea and CLEditor on my website, on the same page, for the same attributes.

So when the user uses the text area (simple mode), they can ONLY input plain code.

When the user uses CLEditor (complex mode), they can, of course, input HTML code.

I can’t use htmlspecialchars() in this situation since it will convert all HTML tags in CLEditor into <div>user input</div>…

I can’t use htmlpurify in Yii either since it will not allow the user to input something like <script> at all…

What should I do?

1. Is there a way that I can handle the user’s input differently when they are using CLEditor / the plain text area? They are in the same view page and controller by jQuery now. (Hide complex by default.)

2. OR is there a way I can htmlspecialchars() the text area input in the _form without doing it in the controller?

3. OR is there a way I can display HTML tags like <script> without executing them?
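
An added example, not part of the original post and not Yii's own code: one way to treat the two input modes differently on the server, so that text mentioning `<script>` is displayed rather than executed. The function names and the `mode` values are hypothetical, the sample inputs are constructed, and it assumes the editor submits angle brackets typed in its visual mode as entities (`&lt;script&gt;`); the HTML Purifier library is used when it is loaded.

```php
<?php
// Added example: function names and the 'plain'/'rich' mode values are hypothetical.

// Plain mode: escape everything, so "<script>" is sent to the browser as
// "&lt;script&gt;" and shown as literal text instead of being parsed as a tag.
function escape_plain(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Rich mode: allow-list sanitising of editor HTML with the HTML Purifier library.
// Real <script> elements are removed, while entity-encoded text such as
// "&lt;script&gt;" is kept as text. If the library is not loaded, fail closed
// by escaping the whole value.
function purify_rich(string $html): string
{
    if (!class_exists('HTMLPurifier')) {
        return escape_plain($html);
    }
    $purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());
    return $purifier->purify($html);
}

// The mode arrives with the request (for example a hidden field toggled by the
// same jQuery that switches editors), so it is untrusted: both branches must
// produce safe output, and anything that is not exactly 'rich' is escaped.
function prepare_for_output(string $mode, string $raw): string
{
    if ($mode === 'rich') {
        return purify_rich($raw);
    }
    return nl2br(escape_plain($raw));
}

// Constructed sample submissions: [mode, submitted value].
$samples = [
    ['plain', "Use <script> tags\nsparingly"],
    ['rich',  '<p>Use &lt;script&gt; tags <b>sparingly</b></p>'],
    ['rich',  '<p>hello</p><script>alert(1)</script>'],
    ['other', '<b onclick="x()">unknown mode is treated as plain</b>'],
];

foreach ($samples as [$mode, $raw]) {
    echo $mode, ': ', prepare_for_output($mode, $raw), PHP_EOL;
}
```

Because the mode flag can be changed by the client, the choice of branch only decides how much markup survives, never whether the value is made safe.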