Disallow HTML/Allow custom code?

liunx

Guest
I've been working on a PHP guestbook, and I'm planning for a forum in the future, but I know that allowing HTML is a major security risk, but I would still like to allow users to customize their posts. Does anyone know how to disallow HTML, JavaScript, etc. but allow a custom code, such as the vB code here?

Try looking up str_replace() on PHP.net; you can use this to replace one thing with another; i.e. [ b ] = < b > (I put spaces due to forums)..

Also you can use striptags() I believe it is, to strip out all HTML/JavaScript/etc :)

Another option is to create bbcode like stuff. Like on here when you type [img ] url[/img ] ...it does the equivalent of <img>url</img>

You could create that with some regular expressions, where it would search for the bbcode and convert it to the HTML equivalent, but not actually allowing them to post HTML.

I hope that made sense, if not, I can phrase it differently.

htmlspecialchars() (http://www.php.net/manual/en/function.htmlspecialchars.php) could be your best friend for disallowing standard HTML.

OK, this is all very helpful! Thank you very much. :samurai:

Just ask if you have any other questions..if we can't help, someone surely can :)
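
The replies above combine into one pipeline: escape all HTML with htmlspecialchars() first, then expand a small whitelist of BBCode tags with regular expressions. This is an added example, not code posted by anyone in the thread; the function name `render_post`, the tag list and the sample input are assumptions made for illustration.

```php
<?php
// Added example (not from the thread): escape first, then expand whitelisted BBCode.
// render_post() and the tag list are hypothetical names chosen for this sketch.

function render_post(string $raw): string
{
    // 1. Neutralise every piece of HTML the user typed: < > & " ' become entities.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Paired tags map to fixed HTML elements; the user controls no attributes.
    $simple = ['b' => 'strong', 'i' => 'em', 'u' => 'u'];
    foreach ($simple as $bb => $html) {
        $safe = preg_replace(
            '~\[' . $bb . '\](.*?)\[/' . $bb . '\]~is',
            '<' . $html . '>$1</' . $html . '>',
            $safe
        );
    }

    // 3. [img] places user data inside an attribute, so accept only http(s) URLs.
    //    The value was already entity-escaped in step 1, so it cannot close the attribute.
    $safe = preg_replace_callback(
        '~\[img\](.*?)\[/img\]~is',
        function (array $m): string {
            $url = trim($m[1]);
            if (!preg_match('~^https?://[^\s"\'<>]+$~iD', $url)) {
                return $m[0]; // rejected: leave the tag as inert, escaped text
            }
            return '<img src="' . $url . '" alt="">';
        },
        $safe
    );

    // 4. Keep the poster's line breaks.
    return nl2br($safe);
}

// Constructed sample input: one allowed tag, raw HTML, a rejected and an accepted image URL.
$post = "[b]Hi[/b] <script>alert(1)</script>\n"
      . "[img]javascript:alert(1)[/img] [img]https://example.com/a.png[/img]";

echo render_post($post), "\n";
```

The order matters: running the BBCode conversion before htmlspecialchars() would escape the generated tags as well, and skipping the scheme check would let a non-http URL reach the `src` attribute.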
 