Safe HTML

Posted: Wed Feb 21, 2007 8:20 am
by user___
Hi guys,
I am developing a forum just like this but I wonder which is the best way to create HTML. I let the user create images and such stuff in the same way as here: "[the tag comes here]Something[/the tag ends here]". I know some solutions but I need to know which is the best (I mean the generally used one).

Posted: Wed Feb 21, 2007 8:42 am
by feyd
Simple "tags" are straight substitutions most often. The more complex tags (ones that can be nested) are often best done with a string parser. Tag handling can get really complex depending on how you want it to work and whether you want valid HTML output. Many applications doing this sort of thing will have a template (or several) defining the appearance of the end conversion.

Posted: Wed Feb 21, 2007 9:18 am
by Kieran Huggins
This is a VERY complicated and potentially dangerous topic.

I strongly recommend you buy and read the Cal Henderson (of flickr) / O'Reilly book "Building Scalable Web Sites" - it has a whole chapter on user input and talks in depth about (dis)allowing tags in particular.

Also, it's just a fantastic book. It will make your project MUCH easier just having read it. It's really that good. Also, there's a lovely picture of a carp on the cover. You can't go wrong with a carp!

Posted: Wed Feb 21, 2007 9:20 am
by feyd
Kieran Huggins wrote: This is a VERY complicated and potentially dangerous topic.

I strongly recommend you buy and read the Cal Henderson (of flickr) / O'Reilly book "Building Scalable Web Sites" - it has a whole chapter on user input and talks in depth about (dis)allowing tags in particular.

Also, it's just a fantastic book. It will make your project MUCH easier just having read it. It's really that good. Also, there's a lovely picture of a carp on the cover. You can't go wrong with a carp!

I believe user___ is referring to bbtags. Still applicable? :)

Posted: Wed Feb 21, 2007 9:30 am
by Kieran Huggins
Some of the techniques discussed are applicable to bbcode as well, but there's also a fairly strong argument for accepting limited HTML.

I'm also convinced that the rest of the 300+ pages would be invaluable for anyone developing anything as sophisticated as a forum.

And let's not forget about that carp! I mean, wow!

Posted: Wed Feb 21, 2007 9:41 am
by user___
Thank you guys. I do appreciate your help. feyd: You are about what I want to use. I need the same amount of tags this forum offers (the same does not mean exactly the same number, but something like this forum), and I thought of regular expression replacing. What do you think?

Posted: Wed Feb 21, 2007 9:53 am
by feyd
Regular expressions are a pretty common way of handling them.

Posted: Wed Feb 21, 2007 10:44 am
by user___
So, is it a good idea?

Posted: Wed Feb 21, 2007 1:02 pm
by Z3RO21
Some basic tags like bold, em, etc. can be done with a simple str_replace, but more complex tags, as stated above, need more work done with them. You are right, regular expressions are what you will most likely use.

Posted: Wed Feb 21, 2007 1:05 pm
by user___
Thank you guys.

Posted: Wed Feb 21, 2007 2:02 pm
by RobertGonzalez
Is it a good idea? Yes. Anytime you prevent a user from submitting straight HTML to your database you are in a good spot.

There are numerous tools available for you to use that process bbCode. Many are available on PHPClasses. I also recommend googling Corz Blog or CBParser. His application for parsing bbCode is pretty nifty.
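
An added example, not code from any poster in this thread: the regular-expression approach discussed above, in PHP, with the whole post escaped before any tag is substituted, so only whitelisted tags and absolute http(s) URLs ever become HTML. The function name render_bbcode(), the tag whitelist and the sample post are assumptions made for illustration.

```php
<?php
// Added example; render_bbcode() is a hypothetical name, not from the thread.
function render_bbcode(string $input): string
{
    // 1. Escape everything first, so any HTML the user typed is inert text
    //    and quotes cannot break out of an attribute added later.
    $html = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. URL-carrying tags run before the simple ones, so the URL is matched
    //    against escaped text only. Absolute http(s) URLs only: no
    //    javascript: or data: schemes, no brackets, quotes or angle brackets.
    $url = 'https?://[^\s\[\]<>"]+';
    $rules = [
        "#\[url=($url)\](.+?)\[/url\]#is" => '<a href="$1" rel="nofollow">$2</a>',
        "#\[url\]($url)\[/url\]#is"       => '<a href="$1" rel="nofollow">$1</a>',
        "#\[img\]($url)\[/img\]#is"       => '<img src="$1" alt="">',
    ];

    // 3. Simple paired tags: a fixed whitelist, each mapped to one element.
    //    Only complete pairs are replaced; a stray [b] stays as plain text.
    foreach (['b' => 'strong', 'i' => 'em'] as $bb => $tag) {
        $rules["#\[$bb\](.*?)\[/$bb\]#is"] = "<$tag>\$1</$tag>";
    }

    // Patterns are applied in array order. On a PCRE error preg_replace()
    // returns null; fall back to the escaped text rather than raw input.
    $out = preg_replace(array_keys($rules), array_values($rules), $html);

    // Anything not matched above (unknown tags, bad URLs) stays escaped text.
    return nl2br($out ?? $html);
}

// Constructed sample post: one allowed link, one script tag, one bad scheme.
$post = "[b]Hi[/b] <script>alert(1)</script>\n"
      . "[url=https://example.com/?a=1&b=2]docs[/url] "
      . "[url=javascript:alert(1)]x[/url]";
echo render_bbcode($post), "\n";
```

Overlapping tags such as [b][i]x[/b][/i] still come out as mis-nested HTML with this approach, which is the case where the string parser mentioned earlier in the thread is the better tool.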