Which Type of Input is Least Vulnerable to Attack?
Which type of input is least vulnerable to Cross-Site Scripting (XSS) and SQL Injection attacks? PHP, HTML, BBCode, etc. I need to know for a forum I'm helping a friend set up. ...
I'm terrible with regex, but I've had a try and a Google (and even looked in reddit's source) and I'm still stuck so here goes: My aim is to match the following 'codes' and replace them with the HTML tags. It's just the regex I'm stuck with. **bold text** _italic text_ ~hyperlink~ Here's my attempts at the bold one: ^\*\*([.^\*]+)\*...
When you are developing a web-based application and you want to allow richly formatted text from the user you have to make a choice about how to allow that input. Many different markup languages have been created because it is arguably more difficult to sanitize HTML. What are the advantages and disadvantages of the various different m...
I wonder if there is a way to use ungreedy matching in JavaScript? I tried the U modifier, but it doesn't seem to work. I want to write a small BBCode parser in JavaScript, but without ungreedy matching it isn't possible (at least as far as I see it) to do something like this: '[b]one[/b] two [b]three[/b]'.replace( /\[b\](.*)\[\/b\]/, '...
I'd like to work on a bbcode filter for a php website. (I'm using cakephp, it would be a bbcode helper) I have some requirements. Bbcodes can be nested. So something like that is valid. [block] [block] [/block] [block] [block] [/block] [/block] [/block] Bbcodes can have 0 or more paramet...
I'm trying to build a bbcode parser, but I'm having quite some problems figuring out how to avoid matching too widely. For example I want to implement a [list] to conversion like this: \[list\](.*)\[/list\] would be replaced by this: <ul>$1</ul> This works fine, except if I have two lists where the regular expression matches the b...
I am scouting the market for a good WYSIWYG editor. My users are going to write stuff just like I'm doing now on Stack Overflow, but they aren't as tech-savvy as the SO users, so I need a WYSIWYG editor instead of this Markdown editor. Feature-wise, I'd like the editor to have approximately the same features as the buttons that this edi...
I've always been interested in writing web software like forums or blogs, things which take a limited markup to rewrite into HTML. But lately, I've noticed more and more that for PHP, try googling "PHP BBCode parser -PEAR" and test a few out, you either get an inefficient mess, or you get poor code with XSS holes here and there. Taking...
I need a regular expression to strip out any BBCode in a string. I've got the following (and an array with tags): new RegExp('\\[' + tags[index] + '](.*?)\\[/' + tags[index] + ']'); It picks up [tag]this[/tag] just fine, but fails when using [url=http://google.com]this[/url]. What do I need to change? Thanks a lot. ...
Has anybody used a good Java implementation of BBCode? I am looking at javabbcode : nothing to see kefir-bb : Listed as alpha BBcode parser in JBoss source code. Are there any better options? ...
I'm building a blog that should parse bbcode tags like this: Input: <youtube=http://www.youtube.com/watch?v=VIDEO_ID&feature=channel> Output: <object width="400" height="245"> <param name="movie" value="http://www.youtube-nocookie.com/v/VIDEO_ID&hl=en&fs=1&rel=0&showinfo=0"></param> <param name="allowFullScreen" value=...
What I thought was going to be an easy implementation of two lines of code and a function, turned out to be made of fail. On my webpage, I want to be able to type [text]1[/text], and what it will do is pull the title of that ID. function textFormat($text) { $raw = array( '\'\[text\](?P<id>.*?)\[/text\]\'is' ); ...
Hi, I have a string which contains the text of an article. This is sprinkled with BBCodes (between square brackets). I need to be able to grab the first say, 200 characters of an article without cutting it off in the middle of a bbcode. So I need an index where it is safe to cut it off. This will give me the article summary. The summa...
I use the PECL bbcode extension for parsing BBCode-Tags. Can anybody show me a way of replacing the text between the BBCode tags instead of surrounding it with HTML tags? I want to build a [youtube] Tag: [youtube]w0ffwDYo00Q[/youtube] My configuration for this tag looks like this: $tags = array( 'youtube' => array( 'type...
Hello there, I'm trying to make my own BBCode parser for my website and I'm looking for a way to "htmlentities()" except the codes inside PRE tags, and the PRE tag itself. For example: <b>Hello world</b> (outputs <b>Hello world<>) <pre>"This must not be converted to HTML entities"</pre> (outputs <pre>"This must not be conv...
Hi there. I have a simple question for all of you jQuery lads out there. I would like to see an example of a simple jQuery bbcode function. I use an old one now and it's pure JavaScript and uses onClick. I would like to create a new one based on jQuery (and understand what I did and why I did it). Can you guys give me a hand? :) ...
Hi All, I'm writing some PHP to convert BBcode to HTML. I would like to convert this BBcode: [quote] Hello World [/quote] to the following: <blockquote>Hello World</blockquote> The preg_replace function that I'm using to perform this is: preg_replace("/\[quote\](.+?)\[\/quote\]/s", "<blockquote>\\1</blockquote>", $bbCode); Thi...
So I'm putting together a simple forum. I'd like to allow my users limited formatting options and BBCode would be plenty for my users. Knowing that I'm assuredly not the first one to want to use BBCode with RoR I googled but couldn't find a straightforward tutorial on how to create an editor which accepts BBCode nor a way to parse and di...
I'm trying to add extra tags to the PEAR package BBCodeParser http://pear.php.net/package/HTML_BBCodeParser/docs/latest/li_HTML_BBCodeParser.html, to do this, I believe I need to place Object.php in \php5.3.0\PEAR\pear\HTML\BBCodeParser\Filter and call addFilter. Object.php <?php /* New filter @todo Lots */ require_once 'HTML/BBCode...
Hi, what would be best way to handle simple text styles like bbcode allowing bold italic etc inside of the text? what I did is dividing the text into parts, each part has assigned style and then I textout each piece, starting from Rect.Left + Canvas.TextWidth(Texts[i-1]). This however is probably quite slow, moreover I have no idea ho...