dcsimg

I have a jsp with a textarea field. The user can enter any text inside that . The problem here is when the user enters any html tags inside that ,then the format of the output is changed .So I want to restrict the user / remove the html tags inside the textarea .

Created May 7, 2012

cem tekin

hi there,

nice to see people thinking in similar ways. my solution to the problem was to write a class that handles the text when retrieving from the database.

the input for textarea is inserted with a special formatting and the class checks for this special formatting - which is #<#textarea#># and #</#textarea#># - and cleans the tags for use in html. obvoiusly the way the tag stored in the db is not changed.

here's the class:

public class TagFormatter
{
  public String formatString(String theString)
  {
    String mainString = theString;

    int startOTag = -1;
    int endOTag = -1;
    int startCTag = -1;
    int endCTag = -1;
    int lastTag = -1;
    int length = mainString.length();
    String newString = "";

    startOTag = mainString.indexOf("#<#");

    if(startOTag > 0)
    {
      lastTag = mainString.lastIndexOf("#>#");

      endOTag = mainString.indexOf("#>#");
      startCTag = mainString.indexOf("#</#", endOTag);
      endCTag = mainString.indexOf("#>#", startCTag);

      newString = mainString.substring(0, startOTag);
      newString = newString + "<" + mainString.substring(startOTag + 3, endOTag) + ">";
      newString = newString + mainString.substring(endOTag + 3, startCTag);
      newString = newString + "</" + mainString.substring(startCTag + 4, endCTag) + ">";

      while(endCTag < lastTag)
      {
        startOTag = mainString.indexOf("#<#", endCTag);
        endOTag = mainString.indexOf("#>#", startOTag);

        newString = newString + mainString.substring(endCTag + 3, startOTag);
        newString = newString + "<" + mainString.substring(startOTag + 3, endOTag) + ">";

        startCTag = mainString.indexOf("#</#", endOTag);
        endCTag = mainString.indexOf("#>#", startCTag);

        newString = newString + mainString.substring(endOTag + 3, startCTag);
        newString = newString + "</" + mainString.substring(startCTag + 4, endCTag) + ">";
      }

      newString = newString + mainString.substring(endCTag + 3);

      return newString;
    }
    else
    {
      return mainString;
    }
  }
}
now, you can reengineer this class and forbid the textarea entry.

hope this helps.

cem.