0

I've been searching for a good hour or two for this but I haven't found anything to what I'm looking for. I'm making a chat application( socket server made in Python ) and it's working fine. The main chat area where messages are stored use HTML, it just displays the username in bold along with their avatar and message. The problem I'm having is how do I stop the user from entering HTML and messing with the main chat? I'm currently using regex "/<.*?>/g" to remove HTML tags however I'd rather let the user send things like 

<p>Hi everyone</p>

but instead of parsing what was sent as HTML just normal text?

For example, right now. While a user is typing I'm using regex to remove 

<whatever>

tags as soon as they're typed. What I want is for the user to be able to type 

<b>bold text</b>

and send but not display it as bold and show the b tags.

Here's what "mainChat" text box looks like http://prntscr.com/46hd4t, this stores all messages Here's what "chatMessage" text box looks like http://prntscr.com/46hdc6, this is where the user writes their message

user2601312
  • 39
  • 6

1 Answers1

1

Sites such as reddit and Stack Overflow use a standard called markdown for editing text that takes care of these issues. Some popular options for markdown editors include WMD, markitup and Epic Editor. Just Google markdown there are many options to choose from.

Tim McDonald
  • 1,212
  • 1
  • 10
  • 13
  • That's not what I wanted, I want any HTML the user gives to just display as text but I'm not sure how to do this since messages are stored inside a htmltext box. – user2601312 Jul 26 '14 at 10:15
  • @user2601312 I don't understand if you aren't allowing the users to do any formatting of the text what's wrong with your current approach of just removing anything wrapped in < & > – Tim McDonald Jul 26 '14 at 10:25
  • The possibility of someone sharing code make it unattractive to me, also if what I want is possible it'd be useful for future projects more than current. – user2601312 Jul 26 '14 at 11:05
  • 1
    Since trying to answer this originally I discovered the markupsafe module which can be used to make a string that has markup JS and HTML in it safe for display in a web page. – Tim McDonald Jan 03 '15 at 08:12