My site and the demo from my last post are back up having passed host inspection, phew. So have a look:
Well, perhaps I can save us both some time. In putting together that demo I realized that unless quotes are escaped, it could be used by another website to make their content appear to be on your domain. But escaping quotes also prevents inline attributes.
Another drawback is - well I see your default starting code is:
Code:
<html> <head> </head> <body> </body> </html>
But you cannot paste these as real tags into the Viewing Window, as they're invalid there. Most browsers will strip them automatically, or at the very least not respect them the way that they normally are when used as intended. You would need an iframe to properly do that.
It is tempting. The contenteditable division allows you to enter tags and text, the other division could be used to display the result. All of this with minimal coding required - provided of course you have a host with PHP enabled.
There already is a script for this sort of thing though:
Last edited by jscheuer1; 02-17-2012 at 11:51 AM. Reason: add info
http://jscheuer1.comli.com/postedit/postit_2_h.htm are you saving the file to the server when you click update? Because if you were you could just use an Iframe...
I hope that explains most of it.
Well, you cannot do this on my version because quotes are escaped. But if they were not, you could paste into the Edit Window:
You have me though on the other point. You could have a preview in the View Window without the invalid tags while at the same time saving the tags to a separate file where they could be valid, or you could just save to a separate file and show that in an iframe as a preview.
I'd have to think about that one because it might fix the other problem. If the PHP file only writes to a file that shows in an iframe, that might remove the threat. As long as that file couldn't self execute and wasn't a PHP file, it should be fine.
But that's pretty much what that other script does. Except it doesn't save a file. It just writes to the iframe document. Saving a file would be nice if you wanted your users to be able to download their work.
I'm still not 100% sold on this. But tell me more of what you are envisioning.
Very well then.
Also I intend on adding more features at a future time. I just need help with the basic structure of the editor (mainly the ajax).
I hope that is enough to convince you.
If it's for a live web tool, I think there's CMS setups that include that sort of thing. You should check out:
It's WYSIWYG, but I'm sure it must have text editing mode.
All that said, I'd be happy to provide you with AJAX tips in response to specific questions.
Thanks for your reply. I'd still like to have a go at this so I'm going to leave this thread as not resolved for a little while in case I run into any big problems. Could you please post/email/pm me the code for this page (and the relevant php)? I'd like to have a fiddle with it because it should answer this thread.
Thanks for your time
You can get the source code of the page with your browser's 'view source'. It's a plain HTML page, all the script code on it is on the page except for the linked in jQuery library, which is hosted on Google. Here's the source code of the PHP page (postedit.php):
$field1value = isset($_POST['field1value'])? $_POST['field1value'] : '';
Just had a thought. If the only problem with quotes being enabled was document.write, couldn't you just search the #window1 for document.write on the php page and if it returns true just write an alert? It would be a lot less restrictive than disabling all quotes.
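As an added example (not code from any poster in this thread), the sketch below contrasts the two approaches discussed above: escaping everything, quotes included, before echoing it into the editor page, versus previewing the markup in a separate iframe document. It assumes a sandboxed `srcdoc` iframe in place of the saved file mentioned in the thread; all function names and the sample input are hypothetical.

```javascript
// Added example, not code from the thread. Function names and the sample
// input are hypothetical; `sandbox` and `srcdoc` are standard iframe attributes.

// Escape the five HTML-significant characters, quotes included
// (the same five characters PHP's htmlspecialchars() covers with ENT_QUOTES).
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Reverse of escapeHtml: what the HTML parser does to an attribute value
// before handing srcdoc to the iframe. Used here only to check the round trip.
const DECODE = { '&amp;': '&', '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'" };
function decodeAttribute(value) {
  return value.replace(/&(?:amp|lt|gt|quot|#39);/g, (ent) => DECODE[ent]);
}

// Option A: echo the submission into the editor page itself.
// Everything is shown as literal text, so nothing runs on the host page,
// but inline attributes such as style="..." no longer take effect.
function renderInline(markup) {
  return '<div class="view">' + escapeHtml(markup) + '</div>';
}

// Option B: hand the markup to a separate document in a sandboxed iframe.
// It is escaped once so it cannot close the srcdoc attribute; the browser
// decodes it and parses it as its own document. An empty sandbox value
// disables scripts and gives the frame an opaque origin, so tags and inline
// attributes render while the host page's DOM and cookies stay out of reach.
function renderSandboxedPreview(markup) {
  return '<iframe sandbox="" srcdoc="' + escapeHtml(markup) + '"></iframe>';
}

// Extract the document text the browser would parse from srcdoc (check helper).
function previewDocument(iframeHtml) {
  const match = /srcdoc="([^"]*)"/.exec(iframeHtml);
  return match ? decodeAttribute(match[1]) : null;
}

// Constructed sample: an inline attribute plus the document.write case from the thread.
const sample = '<b style="color:red">hi</b><script>document.write("x")</script>';
console.log(renderInline(sample));
console.log(renderSandboxedPreview(sample));
```

Option B keeps inline attributes working in the preview without relying on a search for particular strings such as document.write.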