Posted By: wizard04 on 11/09/09

Tagged: snipplr html markdown markup


--Snipplr-- Workaround: Code in Comments


 / Published in: Other
 

For some reason, Snipplr has decided not to HTML-encode < and > signs (i.e., replacing them with &lt; and &gt;) that a user inputs into a comment box, and instead strips anything that looks like a tag from the comment entirely.

So, if you enter something like `<div>test</div>` in the comment box, you would expect to see <div>test</div> in the post but you would actually end up with test.

The exceptions that I've found are <b>, <i>, <em>, <strong>, and <code> tags.

The only reliable way to get around this odd implementation is to use the code tag with its content already HTML-encoded, just like you would if you were writing your own HTML. So entering something like <code>&lt;div&gt;test&lt;/div&gt;</code> will give the expected result <div>test</div>.

Note that you will also have to replace the back-ticks with &#96;

FYI, here is the code I used to create this description itself. The same code is entered in the first comment below (note the difference where the back-ticks are used to surround this: <div>test</div>).

```
For some reason, Snipplr has decided not to HTML-encode <code>&lt;</code> and <code>&gt;</code> signs (i.e., replacing them with `&lt;` and `&gt;`) that a user inputs into a comment box, and instead strips anything that looks like a tag from the comment entirely.

So, if you enter something like <code>&#96;&lt;div&gt;test&lt;/div&gt;&#96;</code> in the comment box, you would expect to see <code>&lt;div&gt;test&lt;/div&gt;</code> in the post but you would actually end up with `test`.

The exceptions that I've found are `<b>`, `<i>`, `<em>`, `<strong>`, and `<code>` tags.

The only reliable way to get around this odd implementation is to use the code tag with its content already HTML-encoded, just like you would if you were writing your own HTML. So entering something like <code>&lt;code&gt;&amp;lt;div&amp;gt;test&amp;lt;/div&amp;gt;&lt;/code&gt;</code> will give the expected result <code>&lt;div&gt;test&lt;/div&gt;</code>.

Note that you will also have to replace the back-ticks with `&#96;`

FYI, here is the code I used to create this description itself. The same code is entered in the first comment below (note the difference where the back-ticks are used to surround this: `<div>test</div>`).
```

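A small model of the comment filter described above, next to the encoding behaviour the author expected and the pre-encoding workaround. This is an added example, not code from the original post or from Snipplr: the tag pattern and all function names are assumptions, and only the allowed-tag list and the `<div>test</div>` input come from the post.

```python
import html
import re

# Tags the post reports as surviving the comment filter.
ALLOWED = {"b", "i", "em", "strong", "code"}
# "Anything that looks like a tag": an assumed pattern, not Snipplr's own.
TAG = re.compile(r"</?([A-Za-z][A-Za-z0-9]*)\b[^<>]*>")


def strip_filter_model(comment: str) -> str:
    """Model of the reported behaviour: drop every tag not in ALLOWED."""
    return TAG.sub(
        lambda m: m.group(0) if m.group(1).lower() in ALLOWED else "", comment
    )


def encoding_filter(comment: str) -> str:
    """The behaviour the author expected: HTML-encode, never delete."""
    return html.escape(comment, quote=False)


def prepare_for_comment(snippet: str) -> str:
    """Apply the workaround: pre-encode, swap back-ticks, wrap in <code>."""
    encoded = html.escape(snippet, quote=False)  # escapes &, then < and >
    encoded = encoded.replace("`", "&#96;")      # done after escaping so the & survives
    return f"<code>{encoded}</code>"


def displayed_text(stored_html: str) -> str:
    """Text a reader sees: markup removed, entities decoded."""
    return html.unescape(TAG.sub("", stored_html))


if __name__ == "__main__":
    snippet = "<div>test</div>"  # the post's own example input
    for label, stored in [
        ("raw, strip filter", strip_filter_model(snippet)),
        ("raw, encoding filter", encoding_filter(snippet)),
        ("workaround, strip filter", strip_filter_model(prepare_for_comment(snippet))),
    ]:
        print(f"{label:26} stored={stored!r} shown={displayed_text(stored)!r}")
```

The first row loses the markup, while the other two display the snippet intact: encoding on output preserves what the user typed, and stripping silently changes it.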

Comments

Posted By: wizard04 on November 9, 2009

For some reason, Snipplr has decided not to HTML-encode < and > signs (i.e., replacing them with &lt; and &gt;) that a user inputs into a comment box, and instead strips anything that looks like a tag from the comment entirely.

So, if you enter something like `<div>test</div>` in the comment box, you would expect to see <div>test</div> in the post but you would actually end up with test.

The exceptions that I've found are <b>, <i>, <em>, <strong>, and <code> tags.

The only reliable way to get around this odd implementation is to use the code tag with its content already HTML-encoded, just like you would if you were writing your own HTML. So entering something like <code>&lt;div&gt;test&lt;/div&gt;</code> will give the expected result <div>test</div>.

Note that you will also have to replace the back-ticks with &#96;

FYI, here is the code I used to create this description itself. The same code is entered in the first comment below (note the difference where the back-ticks are used to surround this: test).
