Posted by Jukka K. Korpela on 09/24/07 17:45
ffreino@gmail.com wrote:
> I have a web page where users can post messages and these are printed
> on a board.
Why, oh why? If you don't know how to handle HTML input, treat the input as
plain text. This might be a good idea even if you knew how to handle HTML
input.
> Sometimes, when a user sends a message with an open tag, for
> example:
>
> This is my message in <b>bold</b> and <i>italic</i> and this is an open
> <a href='http://domain
>
> produces a problem in the rest of the page (when they are printed on
> the board)
Not a big surprise. If you don't check the input, disaster may result, and
on the Internet, this means that disaster _will_ result. You haven't got
nasty <iframe> viruses and <embed> annoyance and lots of <a> spam _yet_, I
suppose.
> I have tried to wrap messages in a <table>, <div> or <span> but this
> problem persists.
What made you think such tricks could possibly help?
> Is there any way to avoid this?
Do you really need the input possibility? Why? What does it contribute,
really, that everyone and his dog and robot can puke on your page?
If you really need it, does it need to allow HTML format?
If yes, then stay tuned to some hard work. You would need to define the
syntax of HTML you really want to accept (say, <b> is fine, <iframe> is not,
etc.), parse the input to check that it is followed, and process it
accordingly. You might be able to find existing software for this, but
checking whether some software really does the job may well be more work
than writing such software. (If you don't know how to write such stuff, in
principle that is, then you're really not qualified to evaluate existing
software in this issue, even at the simple level of deciding whether it's
useful or yet another Trojan horse or something like that.)
> I think I could fix the problem using
> frames or something like that but I think there should be a smarter
> way.
Frames are part of a problem, not a solution.
--
Jukka K. Korpela ("Yucca")
http://www.cs.tut.fi/~jkorpela/
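One way to do what the reply describes (define the accepted subset of HTML, parse the input, and re-emit only that), as an added example that is not part of the original thread: a small allowlisting filter built on Python's html.parser. It assumes the board only needs <b> and <i>; every other tag is dropped and all text is escaped, a truncated <a href='http://domain comes out as escaped text or is discarded, and any tag still open at the end of a message is closed so it cannot affect the rest of the page.

```python
import html
from html.parser import HTMLParser

# The accepted sub-syntax of HTML: only these element names survive, without
# attributes. (Assumption: the board only needs bold and italic.)
ALLOWED_TAGS = {"b", "i"}

class MessageSanitizer(HTMLParser):  # keeps allowlisted tags, escapes the rest
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []    # sanitized fragments
        self.stack = []  # allowlisted tags currently open

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")  # attributes deliberately dropped
            self.stack.append(tag)
        # disallowed tags vanish; text inside them still reaches handle_data

    def handle_endtag(self, tag):
        if tag in self.stack:
            # pop up to and including this tag so nesting stays well-formed
            while (t := self.stack.pop()) != tag:
                self.out.append(f"</{t}>")
            self.out.append(f"</{tag}>")

    def handle_startendtag(self, tag, attrs):
        pass  # <br/> and friends are not part of the accepted syntax

    def handle_data(self, data):
        # text, including the content of <script> or <iframe>, is escaped
        self.out.append(html.escape(data, quote=True))

    def handle_comment(self, data):
        pass  # comments, declarations and processing instructions are dropped

    handle_decl = handle_pi = unknown_decl = handle_comment

    def result(self):
        self.close()
        # close whatever is still open so a truncated message cannot leak
        # formatting into the rest of the page
        while self.stack:
            self.out.append(f"</{self.stack.pop()}>")
        return "".join(self.out)

def sanitize_message(text):
    p = MessageSanitizer()
    p.feed(text)
    return p.result()
```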