preg_replace javascipt img bug
Posted: Fri May 30, 2003 1:52 pm
This might not be advanced PHP but this code replaces a [img] tag with the <img src=''> in a text string.
Now my problem is that if a user creates something like this [img]javascript:alert('hello%20world')[/img] it can be really bad. I tried to search for the solution but I couldn't find it. I then tried figure out how to do the regular expression "back reference" to search for the string "script:" in the $str but I'm not good at regular expressions.
Does anybody have a one line solution to this problem?
Code: Select all
<?php
//convert tags
$str=preg_replace("/\[img\]([^\[]*?)\[\/img\]/i","<img src='\\1' align=left>",$str);
?>Does anybody have a one line solution to this problem?