Posted by Richard Davey on 07/09/05 21:22

To follow-up my own post... which is sad I know, but hey...

Saturday, July 9, 2005, 7:08:37 PM, I wrote:

RD> The difference is the extra hoops your reg exps will have to jump
RD> through, and have to jump through perfectly. You will have to disallow
RD> all <'s and >'s, but do allow them for <i>, <b>, etc etc. Then check

I forgot to add that BB style codes come into real use for things a
little more advanced than <i>. For example [red] to colour some text.
If you wish to allow this in HTML format you can either invalidate
your XHTML and allow <font> tags, otherwise allow spans with embedded
CSS?! Even if you do allow <font> you're then parsing for color="" and
nothing else, with potential variable width colours. After a short
while you'll find yourself having to write an HTML validator tool (and
I'm sorry but I have *never* seen one that worked flawlessly yet).

Best regards,

Richard Davey
--
http://www.launchcode.co.uk - PHP Development Services
"I do not fear computers. I fear the lack of them." - Isaac Asimov

• Next in forum: RE: [PHP] if(true && false) //??
• Prev in forum: Re[4]: [PHP] Re: Security, Late Nights and Overall Paranoia
• Thread view: Re[5]: [PHP] Re: Security, Late Nights and Overall Paranoia

[Reply to this message]