[English Breakfast Tea]

When it comes to htmlspechialchar html_escape etc etc..

Would it be safe to allow users to change the text like this?

Code:

$( function() 
          {
            $( "#plc_sub_headline" ).keyup(function() {
            $("#plc_preview").contents().find("#pre_headline_title").text($( "#plc_sub_headline" ).val());
          });

[requinix]

According to the docs,

We need to be aware that this method escapes the string provided as necessary so that it will render correctly in HTML. To do so, it calls the DOM method .createTextNode(), does not interpret the string as HTML.

[English Breakfast Tea]

Hi I read

We need to be aware that this method escapes the string provided as necessary so that it will render correctly in HTML. To do so, it calls the DOM method .createTextNode(), does not interpret the string as HTML.

It doesn't' make sense to me probably because my English isn't that good.

From what I see it doesn't seem to execute javascript! maybe because it's in an Iframe.

Which is weird because it looks like script tags

[requinix]

The most important part is the "does not interpret the string as HTML" at the end.