implementing bbcode

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
ZxSpectrum
Forum Newbie
Posts: 11
Joined: Wed Feb 20, 2008 4:09 am

implementing bbcode

Post by ZxSpectrum »

hello, in my site i have a kind of internal priorietary forums, and users are asking for bbcodes.
I searched in internet though, and i saw that if the input is not properly sanitized, there are several security risks.

Anyone knows about a PHP libs for bbcode that is safe and is properly mantained?

Thanks
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Re: implementing bbcode

Post by Ambush Commander »

If your users don't mind writing HTML, I'd recommend my library HTML Purifier to you. Otherwise, you can check out PEAR.
ZxSpectrum
Forum Newbie
Posts: 11
Joined: Wed Feb 20, 2008 4:09 am

Re: implementing bbcode

Post by ZxSpectrum »

Uhm interesting, then i Think i can run this html purifier after the BBCODE function has expanded BBCODEs into Html...
samb0057
Forum Commoner
Posts: 27
Joined: Wed Mar 26, 2008 9:51 am

Re: implementing bbcode

Post by samb0057 »

I attached a BBcode function I wrote, along with the help page for your users.
Attachments
bbcode.zip
BBCode function and help file
(2.26 KiB) Downloaded 102 times
Post Reply