Editable region of textarea type is used to allow users to input multiple lines of text. It is suitable for inputting multiple lines of unformatted text (i.e. not requiring HTML tags) although the user can format the text by manually adding HTML tags to the input.
For this type, Couch creates a multi-line textbox for data input.
An editable region of textarea type can be defined this way -
<cms:editable name='prop_desc' label='Description' desc='Enter description of property here' type='textarea'> Condo pricing starts at just under $700,000. Waterfront Private Residences. Jack Nicklaus Signature Golf Course. </cms:editable>
The code above will result in -
The default type of an editable region is text. Hence if the code example given above were to be written without explicitly setting the type parameter, the result would have been just the same. Thus -
<cms:editable name='prop_desc' label='Description' desc='Enter description of property here' > Condo pricing starts at just under $700,000. Waterfront Private Residences. Jack Nicklaus Signature Golf Course. </cms:editable>
will result in an identical textbox.
<cms:editable name='prop_desc' label='Description'
desc='Enter description of property here' />
The contents of this region can be accessed, as with all other editable regions, by using the variable named after it -
<cms:show prop_desc />
In addition to the parameters common to all the types of editable regions, textarea accepts the following parameters
The dimensions of the textarea can be changed by setting the width and height parameters. For example, the following will make it 400px wide and 200px high -
<cms:editable name='prop_desc' label='Description' desc='Enter description of property here' width='400' height='200' />
XSS (Cross Site Scripting) is a type of Web Application vulnerability which is caused by user managing to inject malicious script code into a webpage. Couch, by default, sanitizes all user input and that includes all inputs through all types of editable regions.
In some cases though, you'll wish to allow your user to input Javascript code, or even script containing Couch tags, into an editable region. This could be, for example, when you have created a textarea type editable region into which the user is supposed to enter his Google AdSense code. In such cases, to instruct Couch to leave the input alone and not to sanitize it, set the no_xss_check to '1'. As an example -
<cms:editable name='my_adsense' label="Adsense Code" desc="Enter your Adsense code here" height='100' no_xss_check='1' type="textarea" />
Without the no_xss_check explicitly set, Couch would disable all Javascript code contained within the AdSense code and thus make it useless.