Acmlm's Board - I3 Archive - Help, Suggestions, Bug Reports - HTML filter thing
Boom.dk
Posted on 08-05-06 02:15 PM
function fixhtml($string) {

      $domain = "acmlm\\.org";      // PCRE
      $lookfor = "edit";            // Also PCRE
      $repwith = "images/spacer.gif";

      //
      // Strip <script> tags
      // (the tags are entity-escaped rather than deleted, so the text stays visible)
      //
      $string = preg_replace("@<script([^>]*?)>@si", "&lt;script\\1&gt;", $string);
      $string = preg_replace("@</script>@si", "&lt;/script&gt;", $string);

      //
      // Kill HTML tags with a missing >
      // Escape everything, then turn only complete &lt;...&gt; pairs back into
      // real tags, so an unterminated < stays as a literal &lt;. The escaped
      // <script> above survives this step because it is now &amp;lt;script.
      //
      $string = str_replace("&", "&amp;", $string);
      $string = str_replace("<", "&lt;", $string);
      $string = str_replace(">", "&gt;", $string);
      $string = preg_replace("@&lt;(.+?)&gt;@si", "<\\1>", $string);
      $string = str_replace("&amp;", "&", $string);

      //
      // Filter on*
      // Remove " on...=" attributes one at a time until no tag contains one.
      // Note that the pattern keys on a literal space before "on".
      //
      while(preg_match("@<[^>]+? on.+?=[^>]*?>@si", $string, $matches)) {
            $string = str_replace($matches[0], preg_replace("@ on.+?=[^>]*?([ >])@si", "\\1", $matches[0]), $string);
      }

      //
      // Filter bogus images/links
      // Point src/href at $repwith when the value looks local (relative, no
      // scheme, or on $domain) and the tag mentions $lookfor, i.e. images or
      // links aimed at the board's own edit pages with the defaults above.
      //
      $string = preg_replace("@<([^>]+?) (src|href)=([\"']?[^/>]+?[^:>][^/>]{2}|[\"']?://|[^>]*?".$domain."|[\"']?)[^>]*?".$lookfor."[^>]*?( [^>]*?>|>)@si", "<\\1 \\2=\"".$repwith."\"\\4", $string);

      //
      // Filter javascript in src and href
      // Only a value that starts directly with "javascript:" (optionally quoted) is caught.
      //
      $string = preg_replace("@<([^>]+?) (src|href)=[\"']?javascript:[^>]*?( [^>]*?>|>)@si", "<\\1 \\2=\"".$repwith."\"\\3", $string);

      return $string;
}



(edited by Boom.dk on 08-05-06 01:22 PM)
KeiiChi Kun
Posted on 08-05-06 02:17 PM
Wow, looks pretty useful, I'll try and cram it in my board somewhere.


(edited by KeiiChi Kun on 08-05-06 01:18 PM)
Boom.dk
Posted on 08-05-06 02:23 PM
*updated

Edit: Also, this was actually meant for Help/Suggestions, so would somebody please move it there? Thanks.


(edited by Boom.dk on 08-05-06 01:29 PM)
DarkSlaya
Posted on 08-05-06 11:13 PM
Lolmove(tm)
Cellar Dweller +
Posted on 08-07-06 04:57 AM
I've always thought (and still do) that the right way to filter HTML is to parse it and check for illegal tags, improper nesting, missing closing tags, and prohibited attributes. While harder to code, I believe that it would be much stronger against deliberate attempts to inject malicious markup than any regex-based method could ever hope to be.

Too bad it is a lot more work.
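The parse-then-allowlist approach described in the post above, as an added example that is not code from the thread or from Acmlmboard: a PHP sanitizer that lets libxml (via ext/dom) tokenize the input and then keeps only known tags, known attributes and safe URL schemes. The tag and attribute allowlists, the scheme list and the sample inputs are constructed for the demonstration and are assumptions, not the board's rules. The samples include two inputs that a pattern keyed on a literal " on" before the attribute name, as in the function posted earlier in this thread, never sees: `<img src="x"onerror=…>` with no separating space, and an entity-encoded `&#106;avascript:` scheme, which the parser decodes before the scheme check looks at it.

```php
<?php
// Added example, not code from the thread or from Acmlmboard.
// Assumes PHP >= 5.4 with ext/dom (libxml). Allowlists below are illustrative.

// Reject a src/href value unless it is relative or uses an allowed scheme.
function url_is_safe($value, array $schemes) {
    // Browsers strip leading controls/spaces and drop tabs and newlines anywhere
    // in a URL, so " javascript:" and "java\nscript:" still run. Mirror that
    // (conservatively: any control/space is removed) before reading the scheme.
    // The DOM has already decoded entities such as &#106;, so those are visible too.
    $probe = preg_replace('/[\x00-\x20\x7f]+/', '', $value);
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $probe, $m)) {
        return in_array(strtolower($m[1]), $schemes, true);
    }
    return true; // no scheme at all: a relative URL
}

// Walk one parent's children, deleting, unwrapping or trimming as needed.
function sanitize_node(DOMNode $parent, array $allowed, array $schemes) {
    // Active content is deleted together with its contents, never unwrapped.
    static $drop_with_contents = array('script', 'style', 'iframe', 'frame', 'object', 'embed', 'applet');

    // Snapshot first: removing or moving children while iterating a live NodeList skips siblings.
    $children = array();
    foreach ($parent->childNodes as $c) { $children[] = $c; }

    foreach ($children as $child) {
        if ($child instanceof DOMElement) {
            $tag = strtolower($child->tagName);
            if (in_array($tag, $drop_with_contents, true)) {
                $parent->removeChild($child);
                continue;
            }
            // Clean the subtree first, so nodes hoisted out of an unwrapped tag are already clean.
            sanitize_node($child, $allowed, $schemes);
            if (!isset($allowed[$tag])) {
                // Unknown but harmless tag: keep its children, drop the tag and every attribute on it.
                while ($child->firstChild !== null) {
                    $parent->insertBefore($child->firstChild, $child);
                }
                $parent->removeChild($child);
                continue;
            }
            // Per-tag attribute allowlist; URL-bearing attributes also get the scheme check.
            $names = array();
            foreach ($child->attributes as $attr) { $names[] = $attr->name; }
            foreach ($names as $name) {
                $lname = strtolower($name);
                $is_url = ($lname === 'href' || $lname === 'src');
                if (!in_array($lname, $allowed[$tag], true)
                    || ($is_url && !url_is_safe($child->getAttribute($name), $schemes))) {
                    $child->removeAttribute($name);
                }
            }
        } elseif (!($child instanceof DOMText)) {
            // Comments, processing instructions and the like carry nothing worth keeping.
            $parent->removeChild($child);
        }
    }
}

function sanitize_html($html) {
    // Tags that survive, each with the attributes it may keep (illustrative lists).
    $allowed = array(
        'b' => array(), 'i' => array(), 'u' => array(), 's' => array(),
        'p' => array(), 'br' => array(), 'ul' => array(), 'ol' => array(), 'li' => array(),
        'blockquote' => array(), 'code' => array(), 'pre' => array(),
        'a'   => array('href', 'title'),
        'img' => array('src', 'alt', 'width', 'height'),
    );
    $schemes = array('http', 'https', 'ftp', 'mailto');

    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // malformed input is expected; keep libxml quiet
    // The <?xml encoding> hint makes libxml read the bytes as UTF-8; the <body>
    // wrapper is the container we pull the fragment back out of. Anything the
    // parser places outside <body> is simply not serialized (fails closed).
    $doc->loadHTML('<?xml encoding="UTF-8"><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    sanitize_node($body, $allowed, $schemes);

    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed inputs for the demonstration, not taken from the thread.
$samples = array(
    '<b>bold</b> <a href="http://acmlm.org/">link</a> <img src="images/spacer.gif" alt="blank">',
    '<script>alert(1)</script><p>text after the script survives</p>',
    '<img src="x"onerror=alert(1)>',               // no space before on*, so a " on" pattern never fires
    '<a href="&#106;avascript:alert(1)">entity-encoded scheme</a>',
    "<a href=\"\tjava\nscript:alert(1)\">whitespace inside the scheme</a>",
    '<div onclick="alert(1)">unknown tag is unwrapped, <u>children kept</u></div>',
    '<!-- comment --><a href="other.html" title="t" style="x">relative link</a>',
);
foreach ($samples as $s) {
    echo "IN : $s\nOUT: " . sanitize_html($s) . "\n\n";
}
```

Relative URLs are passed through here; the extra rule the posted function applies with `$domain` and `$lookfor` (src/href values pointing back at the board's own edit pages) would be a separate check on the resolved URL inside `url_is_safe`, not something the parser gives you for free.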
Acmlmboard 1.92.999, 9/17/2006
©2000-2006 Acmlm, Emuz, Blades, Xkeeper
