Safe HTML

user___
Forum Contributor
Posts: 297
Joined: Tue Dec 05, 2006 3:05 pm

Safe HTML

Post by user___ »

Hi guys,
I am developing a forum just like this, but I wonder which is the best way to create HTML. I let the user create images and such stuff in the same way as here: "[the tag comes here]Something[/the tag ends here]". I know some solutions, but I need to know which is the best (I mean the generally used one).
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Simple "tags" are straight substitutions most often. The more complex tags (ones that can be nested) are often best done with a string parser. Tag handling can get really complex depending on how you want it to work and whether you want valid HTML output. Many applications doing this sort of thing will have a template (or several) defining the appearance of the end conversion.
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada

Post by Kieran Huggins »

This is a VERY complicated and potentially dangerous topic.

I strongly recommend you buy and read the Cal Henderson (of flickr) / O'Reilly book "Building Scalable Web Sites" - it has a whole chapter on user input and talks in depth about (dis)allowing tags in particular.

Also, it's just a fantastic book. It will make your project MUCH easier just having read it. It's really that good. Also, there's a lovely picture of a carp on the cover. You can't go wrong with a carp!
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Kieran Huggins wrote:
> This is a VERY complicated and potentially dangerous topic.
>
> I strongly recommend you buy and read the Cal Henderson (of flickr) / O'Reilly book "Building Scalable Web Sites" - it has a whole chapter on user input and talks in depth about (dis)allowing tags in particular.
>
> Also, it's just a fantastic book. It will make your project MUCH easier just having read it. It's really that good. Also, there's a lovely picture of a carp on the cover. You can't go wrong with a carp!

I believe user___ is referring to bbtags. Still applicable? :)
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada

Post by Kieran Huggins »

Some of the techniques discussed are applicable to bbcode as well, but there's also a fairly strong argument for accepting limited HTML.

I'm also convinced that the rest of the 300+ pages would be invaluable for anyone developing anything as sophisticated as a forum.

And let's not forget about that carp! I mean, wow!
user___
Forum Contributor
Posts: 297
Joined: Tue Dec 05, 2006 3:05 pm

Reply

Post by user___ »

Thank you guys. I do appreciate your help. feyd: You are about what I want to use. I need the same amount of tags this forum offers (the same does not mean exactly the same number, but something like this forum), and I thought of a regular expression replacing. What do you think?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Regular expressions are a pretty common way of handling them.
user___
Forum Contributor
Posts: 297
Joined: Tue Dec 05, 2006 3:05 pm

Reply

Post by user___ »

So, is it a good idea?
Z3RO21
Forum Contributor
Posts: 130
Joined: Thu Aug 17, 2006 8:59 am

Post by Z3RO21 »

Some basic tags like bold, em, etc. can be done with a simple str_replace, but more complex tags, as stated above, need more work done with them. You are right, regular expressions are what you will most likely use.
user___
Forum Contributor
Posts: 297
Joined: Tue Dec 05, 2006 3:05 pm

Reply

Post by user___ »

Thank you guys.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Is it a good idea? Yes. Anytime you prevent a user from submitting straight HTML to your database you are in a good spot.

There are numerous tools available for you to use that process bbCode. Many are available on PHPClasses. I also recommend googling Corz Blog or CBParser. His application for parsing bbCode is pretty nifty.
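
The approach the thread converges on (never pass raw HTML through, then convert an allowlist of bbcode tags with regular expressions), as an added PHP example that is not part of the original thread or any poster's code. The tag set, the function name `bbcode_to_html` and the sample post are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Tag set and names are assumptions.

function bbcode_to_html(string $text): string
{
    // 1. Neutralise all raw HTML first: < > & " ' become entities, so the only
    //    markup in the result is what the rules below emit.
    $html = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Allowlist of tags. Content may not contain "[", so the innermost pair
    //    is converted first and misnested pairs are left as literal text.
    //    URLs must start with http:// or https://; quotes are already entities,
    //    so a captured URL cannot break out of the attribute.
    $rules = [
        '~\[b\]([^\[]*)\[/b\]~i' => '<strong>$1</strong>',
        '~\[i\]([^\[]*)\[/i\]~i' => '<em>$1</em>',
        '~\[url=(https?://[^\s\[\]]+)\]([^\[]*)\[/url\]~i'
            => '<a href="$1" rel="nofollow noopener">$2</a>',
        '~\[img\](https?://[^\s\[\]]+)\[/img\]~i' => '<img src="$1" alt="">',
    ];

    // 3. Repeat until nothing changes so nested tags resolve from the inside out.
    //    Each replacement removes "[" characters, so the loop terminates.
    do {
        $before = $html;
        $html = preg_replace(array_keys($rules), array_values($rules), $html);
        if ($html === null) {        // PCRE error: return the last safe state
            return $before;
        }
    } while ($html !== $before);

    return $html;
}

// Constructed sample post: nested tags, raw HTML, and two [url] tags.
$post = "[b]bold and [i]italic[/i][/b]\n"
      . "<b onclick=\"x()\">raw html</b>\n"
      . "[url=javascript:x()]rejected scheme[/url]\n"
      . "[url=https://example.com/?a=1&b=2]accepted link[/url]\n"
      . "[b]misnested [i]pair[/b][/i]";

echo bbcode_to_html($post), "\n";
```

Because content containing a literal `[` is never converted, this sketch trades some flexibility for always well-nested output; tags with richer attributes or arbitrary nesting are where the string parser mentioned earlier in the thread becomes necessary.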