script tags won't display in my textarea box

[eluser]diez[/eluser]
hi there,

I have a textarea box that will not display script tags when populated from the my database. ie:

blah blah blah


it will show other html tag outside of the script tags for instance: <b>hello world</b>

but for some reason if won't show script tags

any suggestions?

[eluser]Pascal Kriete[/eluser]
Are you cleaning the text in any way (xss_clean)?

[eluser]diez[/eluser]
xss filtering is turned off

could it be from when i grab it database?

cause the database outputs the script tags cause i can view my ajax response.

[eluser]Pascal Kriete[/eluser]
Ok, two things - a) are you eval'ing your ajax response? b) what do you see when you inspect the element after the ajax update?

[eluser]diez[/eluser]
you're right, i was eval'ing my ajax. ahh, thanks for the help!

[eluser]diez[/eluser]
wait...i set my eval to false and i'm not able to display my script tags. (i thought for sure the above posting would had fixed my problem)

when i inspect my ajax response, it shows my scripts tags within the textarea tags ie:

&lt;textarea cols="10" rows="10"&gt;..."&lt;/textarea&gt;

it just doesn't display the script tags when it render the html.

[eluser]diez[/eluser]
here is what my ajax response is.

Code:

<textarea name='site_pal_code' id="site_pal_code" cols="55" rows="10">
<sscript>blah blah blah some js function</sscript>
&lt;/textarea&gt;

**note** i had to spell the scripts tags wrong up above because this forum filters out the script tags for security purposes.

if i save this code directly onto my html page it will render fine and display my script tag.

it just show my script tag through my ajax request. and yes, my evalScripts var is set to false.

[eluser]Pascal Kriete[/eluser]
I'm having a hard time reproducing this error. Are you using a js library? If yes, which one?

Here's my attempt using jquery. It works perfectly.

Controller

Code:

function ajax()
{
    echo "<script>alert('hi');</script>";
}

function ajax2()
{
    $d = &lt;<&lt;HTML
&lt;textarea name="site_pal_code" id="site_pal_code" cols="55" rows="10"&gt;
&lt;script&gt;alert("test");&lt;/script&gt;
&lt;/textarea&gt;;
HTML;

    echo $d;
}

View

Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;
&lt;html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"&gt;

&lt;head&gt;
    &lt;title&gt;Test&lt;/title&gt;

    &lt;!-- Meta Tags --&gt;
    &lt;meta http-equiv="Content-type" content="text/html; charset=utf-8" /&gt;
    
    &lt;script src="/js/jquery.js" type="text/javascript" charset="utf-8"&gt;&lt;/script&gt;
    &lt;script type="text/javascript" charset="utf-8"&gt;
        
        init = function() {
            $.ajax({
              url: "&lt;?= site_url('test/ajax'); ?&gt;",
              success: function(html) {
                $("#testbox").get(0).value = html;
              }
            });
            
            $.ajax({
              url: "&lt;?= site_url('test/ajax2'); ?&gt;",
              success: function(html) {
                $("#testdiv").html(html);
              }
            });
        }
        
        $(document).ready(init);
        
    &lt;/script&gt;    
&lt;/head&gt;

&lt;body&gt;
    &lt;form action="test_submit" method="get" accept-charset="utf-8"&gt;
        &lt;textarea name="Name" id="testbox" rows="8" cols="40"&gt;&lt;/textarea&gt;
        <p&gt;&lt;input type="submit" value="Continue &rarr;"&gt;</p>
    &lt;/form&gt;
    
    <div id="testdiv"></div>
&lt;/body&gt;

&lt;/html&gt;

[eluser]diez[/eluser]
i'm using prototype and scriptaculous.

if i can't figure out shortly i will use your method with jquery.

thanks for your help and effort though. very much appreciated.

[eluser]diez[/eluser]
i figured out what my problem was,

all i had to do was this:

Code:

<textarea>
   &lt;?= htmlspecialchars('<sscript>blah blah blah</sscript>'); ?&gt;
&lt;/textarea&gt;