Just say no... to BB tags!

    Date: 02/18/05 (PHP Community)    Keywords: php, html

    It's a common practice when implementing a system requiring content submission that might include html tags, to strip the input fields of all html and get the users to use psuedo-tags instead, such as [ b ] instead of < strong > which will be replaced by the content-view script. This serves it's purpose by removing any mallicious code from the input text. It also limits the extent to which a user can alter the appearence of their submission, eg unable to post IFRAME or MARQUEE tags.

    The downside to this method is that it needs the user to adapt to a modified and often custom tag system. It is also cumbersome code as you are having to do a lot more work than necessary, coding a set of tags and ways to parse them etc.

    Enter PHP's strip_tags function. It is likely you will already be using this library function to remove unwanted html (possibly along with htmlspecialchars). But you might not know strip_tags has an optional argument of allowed html tags. Using this function with an array passed in of "safe" html tags you can easily save yourself a lot of hassle and allow the user to operate within the realm of proper-html instead of some new tag set!

    Not sure if this will help anyone but I found it very useful in my own projects... enjoy!

    Source: http://www.livejournal.com/community/php/262371.html

« ftp || help with php db connect »

antivirus | apache | asp | blogging | browser | bugtracking | cms | crm | css | database | ebay | ecommerce | google | hosting | html | java | jsp | linux | microsoft | mysql | offshore | offshoring | oscommerce | php | postgresql | programming | rss | security | seo | shopping | software | spam | spyware | sql | technology | templates | tracker | virus | web | xml | yahoo | home