preg_replace javascipt img bug

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
owen
Forum Newbie
Posts: 15
Joined: Fri May 30, 2003 12:40 pm

preg_replace javascipt img bug

Post by owen »

This might not be advanced PHP but this code replaces a [img] tag with the <img src=''> in a text string.

Code: Select all

<?php

//convert  tags
	$str=preg_replace("/\[img\]([^\[]*?)\[\/img\]/i","<img src='\\1' align=left>",$str);

?>
Now my problem is that if a user creates something like this [img]javascript:alert('hello%20world')[/img] it can be really bad. I tried to search for the solution but I couldn't find it. I then tried figure out how to do the regular expression "back reference" to search for the string "script:" in the $str but I'm not good at regular expressions.

Does anybody have a one line solution to this problem?
owen
Forum Newbie
Posts: 15
Joined: Fri May 30, 2003 12:40 pm

Post by owen »

help?
Post Reply