You always want to HTML-encode things inside HTML attributes, which you can do with htmlspecialchars: <span title=”<?php echo htmlspecialchars($variable); ?>”> You probably want to set the second parameter ($quote_style) to ENT_QUOTES. The only potential risk is that $variable may already be encoded, so you may want to set the last parameter ($double_encode) to false.
For modern browsers you should use: document.getElementById(“myspan”).textContent=”newtext”; While older browsers may not know textContent, it is not recommended to use innerHTML as it introduces an XSS vulnerability when the new text is user input (see other answers below for a more detailed discussion): //POSSIBLY INSECURE IF NEWTEXT BECOMES A VARIABLE!! document.getElementById(“myspan”).innerHTML=”newtext”;
You cannot serialize file API object. Not that it helps with the specific problem, but … Although I haven’t used this, if you look at the article it seems that there are ways (although not supported yet by most browsers) to store the offline image data to some files so as to restore them afterward … Read more
With CSS grid you can consider the use of max(width, 100%/N) where N is the maximum number of columns. If the width of the container increases, 100%/N will for sure be bigger than width, thus we won’t have more than N elements per row. .grid-container { –n: 4; /* The maximum number of columns */ … Read more
You can either put the classes on the “row” or the “column”? Won’t be visible on the cards (border) if you use it on the row. https://getbootstrap.com/docs/4.6/utilities/flex/#align-items <div class=”container”> <div class=”row”> <div class=”col-lg-4 d-flex align-items-stretch”> <!–CARD HERE–> </div> <div class=”col-lg-4 d-flex align-items-stretch”> <!–CARD HERE–> </div> <div class=”col-lg-4 d-flex align-items-stretch”> <!–CARD HERE–> </div> </div> </div> UPDATE … Read more
After some research I have finally found your problem. <a>‘s download attribute: If the HTTP header Content-Disposition: is present and gives a different filename than this attribute, the HTTP header has priority over this attribute. If this attribute is present and Content-Disposition: is set to inline, Firefox gives priority to Content-Disposition, like for the filename … Read more
So this is old but… just in case someone finds this in a search. Just use “#/” instead of “#” and the page won’t jump.
(1) Set the tabindex attribute: <div id=”mydiv” tabindex=”0″ /> (2) Bind to keydown: $(‘#mydiv’).on(‘keydown’, function(event) { //console.log(event.keyCode); switch(event.keyCode){ //….your actions for the keys ….. } }); To set the focus on start: $(function() { $(‘#mydiv’).focus(); }); To remove – if you don’t like it – the div focus border, set outline: none in the CSS. … Read more
Use content:url(“image.jpg”). Full working solution (Live Demo): <!doctype html> <style> .MyClass123{ content:url(“http://imgur.com/SZ8Cm.jpg”); } </style> <img class=”MyClass123″/> Tested and working: Chrome 14.0.835.163 Safari 4.0.5 Opera 10.6 Firefox 100 & newer Tested and Not working: FireFox 40.0.2 (observing Developer Network Tools, you can see that the URL loads, but the image is not displayed) Internet Explorer 11.0.9600.17905 … Read more
I have used the Apache Commons StringEscapeUtils.unescapeHtml4() for this: Unescapes a string containing entity escapes to a string containing the actual Unicode characters corresponding to the escapes. Supports HTML 4.0 entities.