use \n
and then after fetching the data from the database and prior to outputting it, replace all the \n
with <br />
.
This way you are still safe for XSS
, and you have full control over the output.
How to add a line feed in html without using <br> or other tags
Question
When processing a html form, I need to append some text to a text field before saving it to database. To make it prettier, I need to add a line feed in between:
userText = userText + "<br>" + appendedText;
# save userText in database
The problem is,when fetching the text to render web page, for protection agains XSS, I need to escape text from database before rendering. Thus, <br>
in userText is rendered as <br>
instead of a line feed.
So I am wondering if there is any other way to produce a line feed other than <br>
?
I have tried "\n" "\r\n", and " ", none of them work.
Also, the appended text is in the same element with original text, so css with 'display:block' is out of the question.
Solution
OTHER TIPS
If you are using javaScript to get the form values you can easily use "\n"
to add a new line to the value you want to save;
var toSave = FormValue + "\n\n" + "extratext";
Demo here