Thread: Closing Tags Out
-
Dec 27, 2001, 00:58 #1
- Join Date
- Dec 2001
- Posts
- 6
Closing Tags Out
Hi,
I have made a forum of my own and allow members to have signatures. However, if they mess up the HTML in the signature, the rest of my page gets messed up, as they maybe forgot to close out a tag or something of that nature. Any suggestions on how to deal with this? (besides not allowing HTML in the signatures which is what I'm doing now...)
I'm sorry if this has already been asked, I searched and couldn't find anything specific to this. Thanks for any help!
-
Dec 27, 2001, 07:29 #2
Fraid not. If you're gonna grant your users that kind of freedom then you're essentially trusting them to know what they're doing. There are too many ways to, for example, screw up table code to guard against it in any useable way.
Having said that there IS a PHP class available on the net that can filter out specific html tags. This might be of use to you if you want to restrict your users to basic text-formatting and deny them the use of tables and javascript and the like.
I still have the files, I can zip them up and email them if you like.
THE INSTRUCTIONS BELOW ARE OLD AND MAY BE INACCURATE.
THIS INSTALL METHOD IS NOT RECOMMENDED, IT MAY RUN
OVER YOUR DOG. <-- MediaWiki installation guide
-
Dec 27, 2001, 18:01 #3
- Join Date
- Oct 2000
- Location
- Austin, TX
- Posts
- 1,438
Make your own pseudo-html and only parse the tags if the closing tag is there. For example:
$text = preg_replace("/\[b](.*)\[\/b]/Ui","<b>$1</b>",$text);
This will only turn the text bold if the closing [/b] is there. Make sure at the beginning that you convert all <'s to &lt;'s
ck :: bringing chris to the masses.
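The escape-first pseudo-HTML approach from the post above, as an added example that is not part of the original thread. The function name `render_signature()`, the `b`/`i`/`u` whitelist and the sample signatures are assumptions made for illustration.

```php
<?php
// Added example: escape-first pseudo-HTML renderer for forum signatures.
// render_signature() and the tag whitelist are hypothetical choices.
function render_signature(string $raw): string
{
    // 1. Neutralise all real HTML first: <, >, & and both quote styles become entities.
    $text = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');

    // 2. Whitelist of pseudo-tags mapped to the HTML element each one produces.
    $tags = ['b' => 'b', 'i' => 'i', 'u' => 'u'];

    foreach ($tags as $pseudo => $html) {
        // Matches only when both [tag] and [/tag] are present.
        // U = ungreedy, i = case-insensitive, s = dot also matches newlines.
        $pattern = '/\[' . $pseudo . '\](.*)\[\/' . $pseudo . '\]/Uis';
        // Each match emits an opening AND a closing element, so opens always equal closes.
        // preg_replace() returns null on a PCRE error; keep the escaped text in that case.
        $text = preg_replace($pattern, "<$html>\$1</$html>", $text) ?? $text;
    }
    return $text;
}

// Constructed sample signatures (not taken from the thread).
$samples = [
    '[b]bold[/b] and [i]italic[/i]',
    '[b]never closed',
    '<table><tr><td>unclosed table',
    '<script>alert(1)</script>[B]x[/B]',
];
foreach ($samples as $s) {
    echo render_signature($s), "\n";
}
```

An unpaired `[b]` stays as literal text and raw markup is shown as entities, so a malformed signature cannot leave an element open in the surrounding page.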
-
Dec 29, 2001, 02:46 #4
- Join Date
- Oct 2001
- Location
- Tucson, Arizona
- Posts
- 1,858
It's a security hole to enable HTML in sigs or forums at all, so I'd just turn it off.
-
Dec 29, 2001, 02:52 #5
- Join Date
- Oct 2000
- Location
- Austin, TX
- Posts
- 1,438
What makes it a security hole?
ck :: bringing chris to the masses.
-
Dec 29, 2001, 02:53 #6
- Join Date
- May 2001
- Location
- Sydney, Australia
- Posts
- 2,243
Originally posted by Anarchos
What makes it a security hole?
-
Dec 29, 2001, 02:57 #7
- Join Date
- Oct 2000
- Location
- Austin, TX
- Posts
- 1,438
That's not a security hole, but you can just replace <script with "". Besides that, my whole point was to not allow HTML, and instead create a pseudo-html parser.
ck :: bringing chris to the masses.
-
Dec 29, 2001, 03:01 #8
- Join Date
- Oct 2001
- Location
- Tucson, Arizona
- Posts
- 1,858
It's not secure because on some BBS software, you can gain access to the admin's/mod's passwords or other people's passwords. It's not pretty.