RE: preg_replace (again) [solved]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Thanks for you comment. I already changed to <span>.

About sanitation: Do you know any open source where it checks code if it is
acceptable or not? Or should I just create a lib that do some preg_match to
see if any javascript tag is inside (assuming javascript should not be
allowed).

This is a private system, so I do not worry so much :)

/Peter

-----Original Message-----
From: Robert Cummings [mailto:robert@xxxxxxxxxxxxx] 
Sent: Wednesday, September 20, 2006 2:13 PM
To: Peter Lauri
Cc: 'PHP General'
Subject: RE:  preg_replace (again) [solved]

On Wed, 2006-09-20 at 11:45 +0700, Peter Lauri wrote:
> Just to share my solution:

Out of curiosity, why don't you go with the very well known BBCode
system?

> preg_replace('/_color:(.*?)_(.*?)_color_/i', '<font color="$1">$2</font>',
> $html);

Hopefully this is a private system, otherwise someone not very nice
might do the following:

----
This is some _color:pink"> <script type="text/javascript"
language="javascript">
document.location = 'http://www.myDoityPr0nCollection.com';
</script><font color="pink_ colored text _color_ that I want to transfer
----

You need better content sanitization ]:B

FWIW, the <font> tag is about as deprecated as deprecated can get. You
might consider switching to <span>.

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux