Safe HTML
Moderator: General Moderators
Hi guys,
I am developing a forum just like this but I wonder which is the best way to create HTML. I let the user create images and such stuff in the same way as here "[the tag comes here]Something[/the tag ends here]". I know some solutions but I need to know which is the best (I mean the generally used one).
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
Simple "tags" are straight substitutions most often. The more complex tags (ones that can be nested) are often best done with a string parser. Tag handling can get really complex depending on how you want it to work and whether you want valid HTML output. Many applications doing this sort of thing will have a template (or several) defining the appearance of the end conversion.
- Kieran Huggins
- DevNet Master
- Posts: 3635
- Joined: Wed Dec 06, 2006 4:14 pm
- Location: Toronto, Canada
- Contact:
This is a VERY complicated and potentially dangerous topic.
I strongly recommend you buy and read the Cal Henderson (of flickr) / O'Reilly book "Building Scalable Web Sites" - it has a whole chapter on user input and talks in depth about (dis)allowing tags in particular.
Also, it's just a fantastic book. It will make your project MUCH easier just having read it. It's really that good. Also, there's a lovely picture of a carp on the cover. You can't go wrong with a carp!
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
Kieran Huggins wrote:
This is a VERY complicated and potentially dangerous topic.
I strongly recommend you buy and read the Cal Henderson (of flickr) / O'Reilly book "Building Scalable Web Sites" - it has a whole chapter on user input and talks in depth about (dis)allowing tags in particular.
Also, it's just a fantastic book. It will make your project MUCH easier just having read it. It's really that good. Also, there's a lovely picture of a carp on the cover. You can't go wrong with a carp!

I believe user___ is referring to bbtags. Still applicable?
- Kieran Huggins
- DevNet Master
- Posts: 3635
- Joined: Wed Dec 06, 2006 4:14 pm
- Location: Toronto, Canada
- Contact:
Some of the techniques discussed are applicable to bbcode as well, but there's also a fairly strong argument for accepting limited HTML.
I'm also convinced that the rest of the 300+ pages would be invaluable for anyone developing anything as sophisticated as a forum.
And let's not forget about that carp! I mean, wow!
Reply
Thank you guys. I do appreciate your help. feyd: You are about what I want to use. I need the same amount of tags this forum offers (the same does not mean exactly the same number but something like this forum), and I thought of a regular expression replacing. What do you think?
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Is it a good idea? Yes. Anytime you prevent a user from submitting straight HTML to your database you are in a good spot.
There are numerous tools available for you to use that process bbCode. Many are available on PHPClasses. I also recommend googling Corz Blog or CBParser. His application for parsing bbCode is pretty nifty.
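
The regular-expression approach discussed in this thread, as an added example that is not code from any poster or from the tools named above: escape all input first, then substitute a fixed allowlist of tags, and only emit `href`/`src` for plain http(s) URLs. PHP is assumed because the thread points to PHPClasses; the function names `bb_is_http_url` and `bbcode_to_html` are hypothetical.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.
/** True only for plain http(s) URLs (input is already HTML-escaped). */
function bb_is_http_url(string $escapedUrl): bool
{
    return preg_match('#^https?://[^\s\[\]<>"\']+$#i', $escapedUrl) === 1;
}

function bbcode_to_html(string $input): string
{
    // 1. Escape everything first, so no user-supplied HTML survives.
    $html = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // 2. URL-carrying tags go first, and bracket-free URLs only, so later
    //    substitutions can never rewrite text inside an attribute value.
    $html = preg_replace_callback(
        '#\[url=([^\[\]\s]+)\](.*?)\[/url\]#is',
        function (array $m): string {
            return bb_is_http_url($m[1])
                ? '<a href="' . $m[1] . '" rel="nofollow">' . $m[2] . '</a>'
                : $m[0]; // rejected: stays as inert, escaped text
        },
        $html
    ) ?? $html;
    $html = preg_replace_callback(
        '#\[img\]([^\[\]\s]+)\[/img\]#i',
        function (array $m): string {
            return bb_is_http_url($m[1])
                ? '<img src="' . $m[1] . '" alt="">'
                : $m[0];
        },
        $html
    ) ?? $html;
    // 3. Simple tags are straight substitutions onto a fixed allowlist.
    //    Regexes do not guarantee well-formed nesting; that needs a parser.
    foreach (['b' => 'strong', 'i' => 'em', 'u' => 'u'] as $bb => $tag) {
        $html = preg_replace(
            '#\[' . $bb . '\](.*?)\[/' . $bb . '\]#is',
            '<' . $tag . '>$1</' . $tag . '>',
            $html
        ) ?? $html;
    }
    return nl2br($html);
}

// Constructed sample post: raw HTML and a javascript: link must stay inert.
$post = "[b]Hi[/b] <script>alert(1)</script>\n"
      . "[url=javascript:alert(1)]x[/url] [img]https://example.com/a.png[/img]";
echo bbcode_to_html($post), PHP_EOL;
```

Store the original BBCode in the database and run the conversion at display time, so the allowlist can be tightened later without rewriting stored posts.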