ceo@xxxxxxxxx wrote:
Rule #1.
Never, ever, ever, alter the user's input, EXCEPT for sanitizing/filtering.
Specifically, do NOT add <br /> tags in place of newlines.
Store the newlines.
Upon OUTPUT, you can use nl2br() to get <br /> tags.
Or str_replace if you want </p> instead.
This is crucial as a habit, down the road, when you later want to put their stuff out as non-HTML such as RSS or PDF or other output mechanisms.
Consider their input as sacrosanct (except for dangerous/evil input).
I've been following this thread with interest because it is a recurring
challenge I've had to deal with while coding applications for my running club.
We have numerous non techies who enter text material for several applications.
My code deals with most, if not all, the issues brought up in this thread.
All processing on server-side. I save the user's input intact and only add the
HTML and styling code on the fly when sending to browsers. Also, note, my
rendered code is XHTML compliant. The error checking for the user is done with
Tidy.
If anyone is interested, I will provide the code used for this portion of the
application. It is well documented and easily modified.
Here is a copy of the user instructions for entering text in a textarea. Keep in
mind when reading the instructions that the examples are styled, colored,
bolded, etc. They are not in this plain text copy. The real thing is here:
http://www.ridersite.org/miniReg/miniRegInstr.php
******************************************************
User Instructions and Text Highlighting
Proxie Tags are special instructions for the user's browser and consist of
starting and, generally [there are exceptions as noted], ending elements [e.g.,
<blue>Blue Text</blue>] Tag names can be lower or upper case, or any
combination. A complete list of the usable tags is located just below the User
Instructions box.
HTML tags: You can use actual HTML tags; but, unless you are proficient with
HTML coding, we recommend sticking with the proxy tags.
Emphasize text like this:
<red>Red Text</red> <blue>Blue Text</blue> <bold>bold text</bold> [or the html
<b>bold text</b>] <italic>italic</italic> <underline>underline</underline>
Headers: <header>Header Text</header> are used as paragraph lead-ins and are
always left justified.
New Lines: Occasionally, you may want to force a new line. Simple add this tag
as needed <br> to force the new line.
Titles: Titles are centered when rendered. You can use this tag for blue titles
<blueTitle>Title</blueTitle> and <bluesubtitle>Blue Subtitle</bluesubtitle>; and
this for normal titles <title>Title</title> Titles and subtitles must be on
separate lines.
Use this syntax for Email and URL Links:
email links: <email>recipient's email addr<name>recipient's name</email>
URL links: <link>URL<label>link text</link>,
IMPORTANT.. Be very careful that you "close" all tags [e.g., </span> </blue>]
and that tags are nested properly
[e.g., <red><bold>Red Text</bold> </red> ]. Note that <bold> and </bold> are
both inside of <red> and </red>.
User Instructions HTML Error Checking
To insure your user instructions will display properly on all browsers, the
proxie and html tags you used are checked for validity. The check is performed
on the actual HTML code that will be sent to the user. Thus, the proxie tags you
used will have been converted to HTML tags.
The Error Report: shows the HTML errors and thus it may not be clear the cause
is due to a proxy tag error. For example, assume you misspelled <link> as
<lunk>, the error report will say "Error: <lunk> is not recognized! Warning:
discarding unexpected <lunk> Warning: discarding unexpected </a>". The <lunk>
error is noted OK. But, note the "discarding unexpected </a>"; that is because
you correctly spelled the </link> proxy tag and the proxy-to-HTML conversion
process properly converted it to the HTML </a> tag. The error checker thus found
an unexpected </a> tag.
Pasting Text from Word Processors: You can copy/paste text from your
wordprocessor into the "member/user instructions" box. However, you need to be
alert since wordprocessors use some special characters that are incompatible
with internet standards. MiniReg converts most, but not all, of them to
equivalent internet compatible characters. Carefully check your text in the box
and make any necessary corrections.
****************************************************************
/**
* Proxie tags for user admin prepared user instructions
* You add new ones, keep alpha order; just make certain they render properly
under the "Compose your member/user instructions here" box
*/
$proxiesTranslateArray = array(// *
'<link>' => '<a href="http://',
'<label>' => '" target="_blank">',
'</link>' => '</a>',
"<email>" => '<a href="mailto:',
"<name>" => "\">",
'</email>' => '</a>',
'<line>' => '<hr />',
'<br>' => '<br />',
'<blue>' => '<span class="blue">',
'</blue>' => '</span>',
'<bluesubtitle>' => '<div class="blueSubTitle">',
'</bluesubtitle>' => '</div>',
'<bluetitle>' => '<div class="blueTitle">',
'</bluetitle>' => '</div>',
'<bold>' => '<b>',
'</bold>' => '</b>',
'<green>' => '<span class="green">',
'</green>' => '</span>',
'<header>' => '<div class="header">',
'</header>' => '</div>',
'<italic>' => '<i>',
'</italic>' => '</i>',
'<red>' => '<span class="red">',
'</red>' => '</span>',
'<subtitle>' => '<div class="subtitle">',
'</subtitle>' => '</div>',
'<title>' => '<div class="title">',
'</title>' => '</div>',
'<underline>' => '<span class="underline">',
'</underline>' => '</span>',
);
Here is my Word translation table:
//Translate table for dumb Windows chars when user pastes from Word; function
strips all >160
$win1252ToPlainTextArray=array(
chr(130)=> ',',
chr(131)=> '',
chr(132)=> ',,',
chr(133)=> '...',
chr(134)=> '+',
chr(135)=> '',
chr(139)=> '<',
chr(145)=> '\'',
chr(146)=> '\'',
chr(147)=> '"',
chr(148)=> '"',
chr(149)=> '*',
chr(150)=> '-',
chr(151)=> '-',
chr(155)=> '>',
chr(160)=> ' ',
);
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php