Is it safe enough to prevent XSS injections when using it this way?
Code: Select all
<?php
$post = $_POST['post'];
echo bbcode(htmlentities($post));
function bbcode ($entry) {
$entry = eregi_replace("\[br\]","<br>",$entry);
$entry = eregi_replace("\[b\]([^\[]+)\[/b\]","<b>\\1</b>",$entry);
$entry = eregi_replace("\[i\]([^\[]+)\[/i\]","<i>\\1</i>",$entry);
$entry = eregi_replace("\[u\]([^\[]+)\[/u\]","<u>\\1</u>",$entry);
$entry = eregi_replace("\[img\]([^\[]+)\[/img\]","<img src=\"\\1\" border=\"0\">",$entry);
$entry = eregi_replace("\[mail\]([^\[]+)\[/mail\]","<a href=\"mailto:\\1\">\\1</a>",$entry);
$entry = eregi_replace("\[url\]([^\[]+)\[/url\]","<a href=\"\\1\" target=\"_blank\">\\1</a>",$entry);
$entry = eregi_replace("\[url=\"([^\"]+)\"]([^\[]+)\[/url\]","<a href=\"\\1\" target=\"_blank\">\\2</a>",$entry);
return $entry; }
?>