It sounds like you’re asking how you would save “rich-text”, which is where a user can write down text that is “fancy” or formatted, into a database.
You’re right in that you could just take whatever the user wrote and save it into the database as a giant string in a specific format. That format could be the actual HTML, or another format, for example markdown, which is what this forum uses, or something like your own data-type that boils down into complex objects that could be represented as JSON objects.
Regardless, you’re still just saving large amounts of text as “some format” that gets parsed at some level and rendered to end-users. Taking this forum as an example, you write your comment in markdown, but it gets rendered as HTML for all to see.
However, something like Google Docs has you write down “rich-text” in some “Google format” that gets saved as JSON to represent your document data. This data could be seen if you try to interact with Google Docs via a programming API as well.
The nice part about using something like markdown is that this job is done for you. There are plenty of ways to parse markdown and render it to individual platforms outside of just HTML.
However, the issue with this is that writing markdown is limited to that specific spec. There are other specs for different use-cases, like LaTeX, which is used in academia. Or if your users don’t want to learn that `**` creates bold-text, then you might need to “hide away” the data into an object, which is what Google Docs does, or what some rich-text editors do for you.
Generally, unless you want to create your own format of data, you’d leverage one of these tools.
Finally, it’s worth pointing out that there is a key security issue you must pay attention to when doing something like this, and that’s XSS, or Cross Site Scripting. This is where a malicious user can “run-code” on other people’s browsers by injecting their own code via these “input-boxes” that are then rendered.
If for example we take this forum, I write the following code in my message:
and post my message, and the forum has 0 XSS precautions, any user who comes and “sees” my comment would then execute that as HTML/JS and “get hacked”. This code is benign, but could represent actually malicious code.
The correct way to prevent this is sanitization. Sanitization is when the above code isn’t saved or “ran” as HTML and is instead just the text of the HTML, and safe. This should be done before saving it into your database, and possibly even later when the page is being rendered (in case it somehow didn’t get sanitized when being saved).
Most client-side libraries that can handle rendering “rich-text”, either from markdown or other formats, will provide utilities and documentation to prevent this from happening. This is also why letting users write HTML directly and just rendering it without any sanitization isn’t a good idea.
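The escape-then-render idea from the post above, as an added example that is not part of the original post and not any forum's or library's own code: user text is escaped first, and the only tags in the output are the ones the renderer builds itself for a two-feature markdown subset (bold and links). The names `escapeHtml`, `isSafeUrl`, `renderComment` and `SAMPLE` are hypothetical, and the sample comment is constructed.

```javascript
// Added example. escapeHtml, isSafeUrl, renderComment and SAMPLE are hypothetical names.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Replace every HTML metacharacter with its entity so the browser displays it as text.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Only absolute http(s) URLs may end up in an href.
const SAFE_SCHEMES = new Set(["http:", "https:"]);
function isSafeUrl(url) {
  try {
    return SAFE_SCHEMES.has(new URL(url).protocol);
  } catch {
    return false; // relative or malformed: rejected in this sketch
  }
}

// Render stored markdown: escape everything first, then emit only tags built here.
function renderComment(markdown) {
  let html = escapeHtml(markdown);
  html = html.replace(/\*\*(.+?)\*\*/g, "<strong>$1</strong>");
  // The URL is already escaped, so it cannot close the href attribute.
  html = html.replace(/\[([^\]]+)\]\(([^)\s]+)\)/g, (match, label, url) =>
    isSafeUrl(url) ? `<a href="${url}" rel="noopener noreferrer">${label}</a>` : label);
  return html;
}

// Constructed sample comment: bold text, raw HTML, one good link, one script-scheme link.
const SAMPLE =
  "Hi **there** <script>alert(1)</script> " +
  "[docs](https://example.com/a?x=1&y=2) [click](javascript:void0)";

console.log(renderComment(SAMPLE));
```

The scheme allowlist matters because escaping alone does not stop a link whose URL runs script when clicked; a production renderer would pair a maintained markdown parser with a maintained sanitizer instead of these two regular expressions.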