Question
Given a form input field for example <input type="text" value="xxxxx" name="something">
Given a string let's say Hello I said "Your my friend" isn't that nice?
How do I safely enter the given string as the value where 'xxxxx' is in the input tag above?
Doing a straight substitution would cause this:
<input type="text" value="Hello I said "Your my friend" isn't that nice?">
As you can see the end result is not coherent. The value is now Hello I said
there is a bunch of improper text, then another string, not good.
How do you safely enter strings of unknown or potentially unsafe characters into these kinds of HTML attributes?
Solution
Use HTML entities
<input type="text" value="Hello I said &quot;Your my friend&quot; isn't that nice?">
Other suggestions
There are a couple of solutions and you can choose the one you like:
Hack:
1. You can simply use the ' character for the outer quotes and safely use the " character for the text inside.
<input type="text" value='this "should work"' name="something">
Proper way:
2. Encode the character according to HTML character references HERE
<input type="text" value="this &quot;should work&quot;" name="something">
or
<input type="text" value="this &#34;should work&#34;" name="something">
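The entity approach from the answers above, as an added example that is not part of any post on this page: it escapes both quote characters, because the question's string contains an apostrophe as well as double quotes. The function names escapeAttr, renderInput, renderInputNaive and parsedValue are hypothetical, and parsedValue is only a simplified stand-in for how a browser reads a double-quoted attribute.

```javascript
// Characters that can end or corrupt an attribute value, with their references.
const ENTITIES = { '&': '&amp;', '"': '&quot;', "'": '&#39;', '<': '&lt;', '>': '&gt;' };

function escapeAttr(s) {
  // Single pass, so the "&" produced by one replacement is never escaped again.
  return String(s).replace(/[&"'<>]/g, (ch) => ENTITIES[ch]);
}

function renderInput(name, value) {
  return `<input type="text" value="${escapeAttr(value)}" name="${escapeAttr(name)}">`;
}

// Straight substitution, as in the question (kept to show the failure).
function renderInputNaive(name, value) {
  return `<input type="text" value="${value}" name="${name}">`;
}

// Simplified stand-in for a browser reading value="...": take everything up to
// the next double quote, then decode character references once.
function parsedValue(html) {
  const m = /\bvalue="([^"]*)"/.exec(html);
  if (!m) return null;
  const named = { amp: '&', quot: '"', lt: '<', gt: '>' };
  return m[1].replace(/&(?:#(\d+)|#x([0-9a-f]+)|(amp|quot|lt|gt));/gi, (_, dec, hex, name) =>
    dec ? String.fromCodePoint(Number(dec))
      : hex ? String.fromCodePoint(parseInt(hex, 16))
      : named[name.toLowerCase()]);
}

// Constructed sample: the string from the question.
const sample = 'Hello I said "Your my friend" isn\'t that nice?';
console.log(renderInputNaive('something', sample));
console.log(JSON.stringify(parsedValue(renderInputNaive('something', sample))));
console.log(renderInput('something', sample));
console.log(parsedValue(renderInput('something', sample)) === sample);
```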