Rich-text formatting in PHP: HTML, Markdown, rich-text editors like TinyMCE and doing it securely

  • Published: 6 Jun 2024
  • PHP for Beginners course: ➤ davehollingworth.net/phpy
    PHP MVC course: ► davehollingworth.net/phpmvcy
    CodeIgniter 4 course: ► davehollingworth.net/codeigni...
    In an HTML form, a textarea element is used to collect a sizeable amount of text. You can enter more text than a regular text input, but it's still just plain text. In this video we'll look at how to allow the user of a form to add formatting to the content. We'll also learn how to do it securely to avoid code injection. We'll look at using HTML directly, using a plain-text markup language like Markdown, and using a rich-text editor in the browser like TinyMCE.
    Resources:
    daringfireball.net/projects/m...
    packagist.org/packages/erusev...
    www.tiny.cloud/
    www.php.net/manual/en/functio...
    htmlpurifier.org/
    Code shown in the video:
    gist.github.com/daveh/b93ca07...
    00:00 Intro
    01:13 Allowing HTML
    02:38 Markdown
    05:52 Rich-text editors
    10:28 Using strip_tags
    12:46 Using HTMLPurifier
    16:29 Summary
  • Science

Comments • 27

  • @edwardbabatunde 3 months ago

    Straight to the point. Very impressive. Thanks for sharing

  • @ShubhamMishra-uw9yi 3 years ago +3

    You are born to be a teacher 🙏

  • @SAIEN333 3 months ago +1

    thank you, this was very easy to understand

  • @lianna5483 3 years ago +3

    Thank you very much for this video! It's crystal clear!

  • @savanaassasinandy716 1 year ago +1

    Thank you a million times over!!

  • @belowsurfacemedia 1 year ago

    love this! most relaxed tutorial ever :D

  • @itsHan 2 years ago +1

    Thanks a lot sir, you really deserve 1m+ subs

  • @malekfarag5134 3 years ago +3

    This is awesome omg

  • @yazilimci_adam 1 year ago +1

    Thank you very much boss.

  • @ademineshat 3 years ago

    Nice one 👌

  • @MT-ox3gz 2 years ago +1

    Thank you very much

  • @giantjam4918 3 years ago +3

    I was searching for adding this feature, thank you so much. Can't I add it using HTML and CSS only? For adding it in an onion service?

    • @dave-hollingworth 3 years ago +1

      You can use markdown with HTML only in the browser, but you do need to have a markdown parser on the server to process it into HTML. If you want a rich-text editor like TinyMCE, then I'm not aware of any that don't use JavaScript I'm afraid.

    • @giantjam4918 3 years ago +1

      @@dave-hollingworth thank you brilliant

  • @g7k993 3 years ago

    Hey Dave, thank you for the video. Quick question that's bugging me: what's the difference between htmlspecialchars(), htmlentities() and the HTML Purifier you've used?
    Future video ideas: I'm not sure if you have any small CRUD app in your playlist (binge watching it rn).
    For example: "Hotel booking system, car rental CRUD app or restaurant online ordering", a simple page with just a table, search form and a picture to explain how CRUD works. The secret being "real life application". That sort of video appeals to many different audiences.

    • @dave-hollingworth 3 years ago

      Basically htmlspecialchars is for when you want to escape something to display it in HTML. HTML purifier is used to remove unwanted tags and attributes completely. There's a good description here: learnwebtutorials.com/difference-between-htmlentities-and-htmlspecialchars-in-php
      I don't have a CRUD series right now but that's a good idea, I'll make a note of it!
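      As an added example (not code from the video, its gist, or this reply), the following PHP script puts the approaches the description and the reply above mention side by side: htmlspecialchars() escaping, strip_tags() with an allow-list, an HTML Purifier allow-list, and Parsedown's safe mode for Markdown input. It assumes `composer require ezyang/htmlpurifier erusev/parsedown` has been run; the sample input and the function names are constructed for this illustration.

```php
<?php
// Added example (not from the video or its gist). Assumes the HTML Purifier
// and Parsedown packages are installed via Composer.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

// Constructed sample input: wanted formatting mixed with markup that should
// never reach the page as live HTML.
const SAMPLE_HTML = '<p>Hello <strong onclick="alert(1)">world</strong>'
    . '<script>alert(1)</script> <a href="javascript:alert(1)">link</a></p>';

// Constructed Markdown input that embeds a raw HTML tag.
const SAMPLE_MARKDOWN = "**Hello** _world_\n\n<script>alert(1)</script>";

/**
 * 1. Escape everything: the input is shown as literal text, so no formatting
 *    survives. The right choice whenever rich text is not actually needed.
 */
function escapeForDisplay(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/**
 * 2. strip_tags() with an allow-list removes <script>, but, as the PHP manual
 *    warns, it leaves the attributes of allowed tags untouched: the onclick
 *    handler and the javascript: href in SAMPLE_HTML survive. This is why the
 *    video moves on from strip_tags to HTML Purifier.
 */
function stripWithAllowList(string $input): string
{
    return strip_tags($input, ['p', 'strong', 'em', 'a', 'ul', 'ol', 'li']);
}

/**
 * 3. HTML Purifier parses the markup and rebuilds it from an allow-list of
 *    elements and attributes; event-handler attributes are dropped and only
 *    http/https URLs are kept on links.
 */
function purifyRichText(string $input): string
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.Allowed', 'p,strong,em,a[href],ul,ol,li');
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    $purifier = new HTMLPurifier($config);
    return $purifier->purify($input);
}

/**
 * 4. Markdown: Parsedown in safe mode escapes raw HTML embedded in the
 *    Markdown, so only Markdown syntax itself produces tags.
 */
function renderMarkdown(string $markdown): string
{
    $parser = new Parsedown();
    $parser->setSafeMode(true);
    return $parser->text($markdown);
}

// Run all four on the constructed input so the differences are visible.
foreach ([
    'escaped'    => escapeForDisplay(SAMPLE_HTML),
    'strip_tags' => stripWithAllowList(SAMPLE_HTML),
    'purified'   => purifyRichText(SAMPLE_HTML),
    'markdown'   => renderMarkdown(SAMPLE_MARKDOWN),
] as $label => $html) {
    echo str_pad($label, 11), ': ', $html, PHP_EOL;
}
```

      Comparing the `strip_tags` line with the `purified` line in the output shows the practical difference the reply describes: strip_tags only removes tags that are not on the list, while HTML Purifier also rewrites what is inside the tags it keeps.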

  • @sumanparajuli229 3 years ago +2

    Sir, create a video on... medication tracker and notification on a given timeframe with PHP...

    • @dave-hollingworth 3 years ago

      Always looking for video ideas - please could you be a bit more specific? I tend to prefer videos that explain a single topic, so for example "how to send notifications using SMS". If you can suggest simple topics like that I'll be happy to consider a video on it! Thanks

  • @pablokaram6342 2 years ago

    Hi Dave! I'm using Twig and I notice that it automatically resolves the issue with the HTML special chars (with the | raw indicator activated); however, if I change the style attribute directly in the strong tag, it doesn't purify and appears red. My question is, how can I use the purifier library with Twig, or does some solution exist with the Twig templates?

    • @dave-hollingworth 2 years ago

      There's a package here that might help: github.com/Exercise/HTMLPurifierBundle

  • @BlueDolphinBlues 1 year ago

    Thanks, this is very helpful. What about stripping php?

    • @dave-hollingworth 1 year ago

      Any PHP code wouldn't be executed as it would be sent to the browser - you could strip it using a regular expression though if you wanted

    • @BlueDolphinBlues 1 year ago

      @@dave-hollingworth in my application the posted data would be stored and then presented as a blog. I want to give the user some ability to script without allowing them to return any session variables or information about the host.

    • @dave-hollingworth 1 year ago

      @@BlueDolphinBlues I'd be hesitant about giving the user script abilities - you'd have to parse the code to make sure there wasn't anything unexpected in there, which I think would be very difficult to make sure it was safe. I'm not aware of any parsers like the HTML one that allow you to strip code from PHP code. Alternatively, you could use a templating engine like Twig or something like Markdown that allow additional functionality but don't expose PHP to the user.

    • @BlueDolphinBlues 1 year ago +1

      @@dave-hollingworth I completely agree.

  • @kribo9604 1 year ago

    Why Composer???

    • @dave-hollingworth 1 year ago +1

      Composer is the easiest way to install third-party packages and their dependencies into a PHP project