Page 1 of 1

preg_replace javascipt img bug

Posted: Fri May 30, 2003 1:52 pm
by owen
This might not be advanced PHP but this code replaces a [img] tag with the <img src=''> in a text string.

Code: Select all

<?php

//convert  tags
	$str=preg_replace("/\[img\]([^\[]*?)\[\/img\]/i","<img src='\\1' align=left>",$str);

?>
Now my problem is that if a user creates something like this [img]javascript:alert('hello%20world')[/img] it can be really bad. I tried to search for the solution but I couldn't find it. I then tried figure out how to do the regular expression "back reference" to search for the string "script:" in the $str but I'm not good at regular expressions.

Does anybody have a one line solution to this problem?

Posted: Mon Jun 02, 2003 1:00 pm
by owen
help?