Topic awaiting preservation: Crap killed stripping tags thread by accident |
|
---|---|
Author | Thread |
Maniac (V) Mad Scientist From: 100101010011 <-- right about here |
posted 03-28-2006 23:17
I was trying to delete a double post and ended up killing someone's thread about stripping HTML. |
Paranoid (IV) Inmate From: 1393 |
posted 03-29-2006 19:40
That was my thread... no problem. code: function stripData($string) { $string = preg_replace('@<script[^>]*?>.*?</script>@si', '(Script removed. No scripts allowed.)', $string); return $string; } ...to handle removing <script>'s but I grabbed the "@<script[^>]*?>.*?</script>@si" from here and that's the part that's a bit over my head. Really it's the deliminators that confuse me... I know I can virtually set it up to remove anything but I just don't get it. I was thinking something along the lines of replacing <script with <?php and so forth to remove php but obviously question marks are being used to specify something else (everything between maybe?). |
Paranoid (IV) Inmate From: Rouen, France |
posted 03-30-2006 00:37
redroy : There is an useful link on the preg_replace page : |
Paranoid (IV) Inmate From: 1393 |
posted 03-30-2006 05:39
I lied... ended up going with strip_tags() after all... I took this bit 'o functions and turned it into something I understand a little better: code: $allowedTags = '<b><i><u><a><div><img><ul><li><hr><blockquote>'; $stripAttrib = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup'; function stripData($string) { global $allowedTags, $stripAttrib; while($string != strip_tags($string, $allowedTags)) { $string = strip_tags($string, $allowedTags); } while($string != stripslashes(preg_replace("/$stripAttrib/i", 'FORBIDDEN', $string))) { $string = stripslashes(preg_replace("/$stripAttrib/i", 'FORBIDDEN', $string)); } return $string; } Seems to work pretty well. I'd appreciate any pointers if this doesn't look quite right to anybody. thanks! |
Maniac (V) Mad Scientist with Finglongers From: Germany |
posted 03-30-2006 06:42
you know... you can use the admin log to restore deleted threads! |
Maniac (V) Mad Scientist From: 100101010011 <-- right about here |
posted 03-30-2006 18:46
Ack I was looking in the admin I thought that was there somewhere. |
Maniac (V) Mad Scientist with Finglongers From: Germany |
posted 03-30-2006 21:37
ok.. ->adminlog, look for the appropriate row, 'show details', then 'restore deleted object' would be the way to go. |
Paranoid (IV) Inmate From: 1393 |
posted 04-06-2006 22:43
Crap... I've run into a small problem. The stripData function I posted above is working wonderfully if things are coded correctly... the problem is, for example, if a user types a tag wrong like... code: <a name="anchor"</a> ...everything below that error is gone (poof!). How could I make it a little more dummy proof? |