Acmlm's Board - I3 Archive - Help, Suggestions, Bug Reports - HTML filter thing
Boom.dk
Since: 11-18-05
From: Denmark
Posted on 08-05-06 02:15 PM
<?php
// Regex-based post filter: neutralises <script> tags, on* event handler
// attributes, javascript: URLs, and src/href values that point at one of
// the board's own action pages (so an embedded image cannot trigger an
// edit on the viewer's behalf). Each stage is a best-effort regex pass.
function fixhtml($string) {

      $domain = "acmlm\\.org";      // PCRE: the board's own host
      $lookfor = "edit";            // Also PCRE: action name to block in same-site src/href
      $repwith = "images/spacer.gif";   // harmless URL substituted for blocked ones

      //
      // Strip <script> tags: the tags are turned into literal text so the
      // browser shows them instead of running them (the script body stays
      // as visible text).
      //
      $string = preg_replace("@<script([^>]*?)>@si", "&lt;script\\1&gt;", $string);
      $string = preg_replace("@</script>@si", "&lt;/script&gt;", $string);

      //
      // Kill HTML tags with a missing >
      // Escape everything, then un-escape only complete <...> pairs, so an
      // unterminated "<" stays literal text. The last step undoes the "&"
      // escaping; entities already present in the input round-trip unchanged.
      //
      $string = str_replace("&", "&amp;", $string);
      $string = str_replace("<", "&lt;", $string);
      $string = str_replace(">", "&gt;", $string);
      $string = preg_replace("@&lt;(.+?)&gt;@si", "<\\1>", $string);
      $string = str_replace("&amp;", "&", $string);

      //
      // Filter on* (onclick, onerror, ...). The handler may follow any
      // whitespace, not only a space, and the match is kept inside one tag
      // ([^>] instead of "."). Each pass drops one handler; loop until the
      // tag has none left.
      //
      while (preg_match("@<[^>]+?\\s+on[^>=]+=[^>]*?>@si", $string, $matches)) {
            $string = str_replace($matches[0], preg_replace("@\\s+on[^>=]+=[^>]*?([\\s>])@si", "\\1", $matches[0]), $string);
      }

      //
      // Filter bogus images/links: a src/href that is relative, protocol-
      // relative, on $domain, or empty, and whose value mentions $lookfor,
      // is replaced with $repwith. The remaining attributes (\4) are kept.
      //
      $string = preg_replace("@<([^>]+?)\\s+(src|href)=([\"']?[^/>]+?[^:>][^/>]{2}|[\"']?://|[^>]*?".$domain."|[\"']?)[^>]*?".$lookfor."[^>]*?( [^>]*?>|>)@si", "<\\1 \\2=\"".$repwith."\"\\4", $string);

      //
      // Filter javascript in src and href. This is a literal prefix check:
      // it only matches "javascript:" directly after the optional quote.
      //
      $string = preg_replace("@<([^>]+?)\\s+(src|href)=[\"']?javascript:[^>]*?( [^>]*?>|>)@si", "<\\1 \\2=\"".$repwith."\"\\3", $string);

      return $string;
}
(edited by Boom.dk on 08-05-06 01:22 PM)
KeiiChi Kun
Since: 01-01-06
From: Sushi Bar
Posted on 08-05-06 02:17 PM
Wow, looks pretty useful, I'll try and cram it in my board somewhere.
(edited by KeiiChi Kun on 08-05-06 01:18 PM)
Boom.dk
Since: 11-18-05
From: Denmark
Posted on 08-05-06 02:23 PM
*updated

Edit: Also, this was actually thought for help/suggestions, so would somebody please move it there? Thanks.
(edited by Boom.dk on 08-05-06 01:29 PM)
DarkSlaya
Since: 11-17-05
From: Montreal, Canada
Posted on 08-05-06 11:13 PM
Lolmove(tm)
Cellar Dweller +
Since: 11-18-05
From: Arkansas
Posted on 08-07-06 04:57 AM
I've always thought (and still do) that the right way to filter HTML is to parse it and check for illegal tags, improper nesting, missing closing tags, and prohibited attributes. While harder to code, I believe that it would be much stronger against deliberate attempts to inject malicious markup than any regex based method could ever hope to be.

Too bad it is a lot more work.
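The parse-then-whitelist approach Cellar Dweller describes, as an added example that is not code from this thread or from Acmlmboard. It is written in Python on the standard library's html.parser rather than the board's PHP, and it targets the same things fixhtml above goes after: script tags, on* handlers, javascript: URLs and unterminated tags. The tag/attribute whitelist, the allowed URL schemes and the sample inputs are assumptions chosen for illustration; the board-specific "edit" rule from fixhtml is not included.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Whitelist (an assumption for this example): tag -> attributes allowed on it.
# Anything not listed, tags and attributes alike, is dropped; that covers
# every on* handler without having to enumerate them.
ALLOWED_TAGS = {
    "b": set(), "i": set(), "u": set(), "br": set(),
    "a": {"href"},
    "img": {"src", "alt"},
}
VOID_TAGS = {"br", "img"}                # never get a closing tag
URL_ATTRS = {"href", "src"}
ALLOWED_SCHEMES = {"", "http", "https"}  # "" = relative or protocol-relative
DROP_CONTENT_TAGS = {"script", "style"}  # tag *and* its content are dropped


def safe_url(value):
    """Return value if its scheme is allowed, else None.

    Browsers discard ASCII controls and whitespace before parsing a URL, so
    "java\\tscript:" is still javascript:; strip them first so the scheme
    check sees what the browser will see. Entity-encoded values have
    already been decoded by HTMLParser by the time they get here.
    """
    cleaned = re.sub(r"[\x00-\x20\x7f]", "", value)
    return value if urlsplit(cleaned).scheme.lower() in ALLOWED_SCHEMES else None


class WhitelistSanitizer(HTMLParser):
    """Tokenize the fragment and re-serialize only what the whitelist allows."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []          # serialized output pieces
        self.stack = []        # currently open allowed tags
        self.dropping = None   # tag whose content is being skipped

    def handle_starttag(self, tag, attrs):
        if self.dropping:
            return
        if tag in DROP_CONTENT_TAGS:
            self.dropping = tag
            return
        if tag not in ALLOWED_TAGS:
            return                      # illegal tag: dropped, its text is kept
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_TAGS[tag]:
                continue                # prohibited attribute (incl. on*)
            value = value or ""
            if name in URL_ATTRS:
                value = safe_url(value)
                if value is None:
                    continue            # javascript:, data:, ... dropped
            kept.append(' %s="%s"' % (name, html.escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))
        if tag not in VOID_TAGS:
            self.stack.append(tag)

    def handle_startendtag(self, tag, attrs):    # <br/>, <b/>
        self.handle_starttag(tag, attrs)
        if tag not in VOID_TAGS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if self.dropping:
            if tag == self.dropping:
                self.dropping = None
            return
        if tag not in self.stack:
            return                      # stray closing tag: dropped
        while self.stack:               # improper nesting: close inner tags first
            top = self.stack.pop()
            self.out.append("</%s>" % top)
            if top == tag:
                break

    def handle_data(self, data):
        if not self.dropping:           # text is always re-escaped on output
            self.out.append(html.escape(data, quote=False))

    # handle_comment / handle_decl / handle_pi are no-ops in HTMLParser, so
    # comments, doctypes and processing instructions never reach the output.

    def result(self):
        self.close()
        while self.stack:               # missing closing tags: add them
            self.out.append("</%s>" % self.stack.pop())
        return "".join(self.out)


def sanitize(fragment):
    """Return a well-formed, whitelisted version of an untrusted HTML fragment."""
    parser = WhitelistSanitizer()
    parser.feed(fragment)
    return parser.result()


if __name__ == "__main__":
    # Constructed sample inputs, not posts from the board.
    for sample in ('<b>bold <i>both</b> tail',
                   '<img src="x" onerror="alert(1)">',
                   '<a href="java\tscript:alert(1)">x</a>',
                   '<script>alert(1)</script>after'):
        print(repr(sample), "->", repr(sanitize(sample)))
```

Because the output is rebuilt from parsed tokens, an unterminated "<" can only ever come out as `&lt;` text, which is the case fixhtml handles with its escape/unescape pass, and on* attributes are dropped by the whitelist rather than pattern-matched, so separators, case and entity tricks do not matter. Note that protocol-relative and relative URLs pass the scheme check by design; a same-site rule like fixhtml's $lookfor check would belong in safe_url.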
Acmlmboard 1.92.999, 9/17/2006
©2000-2006 Acmlm, Emuz, Blades, Xkeeper