John,
Thanks. I'm considering that, but the application I'm working on is for
a small intranet that will be for only a small group of supervised
users, so vulnerability isn't such a large concern.
Andy

> -----Original Message-----
> From: John W. Holmes [mailto:[EMAIL PROTECTED]
> Sent: Saturday, February 22, 2003 1:06 AM
> To: 'Andy Crain'; [EMAIL PROTECTED]
> Subject: RE: [PHP] preg_match question: locating unmatched HTML tags
> 
> > I'm trying to build a regexp that would parse user-supplied text and
> > identify cases where HTML tags are left open or are not properly
> > matched, e.g., <b> tags without closing </b> tags. This is for a sort of
> > message board type of application, and I'd like to allow users to use
> > some HTML, but just would like to check to ensure that no stray tags are
> > input that would screw up the rest of the page's display. I'm new to
> > regular expressions, and the one below is as far as I've gotten. If
> > anyone has any suggestions, they'd be very much appreciated.
> 
> Letting users enter HTML is a bad idea. Even if you only let them use
> <b> tags, they can still put ONCLICK and mouseover effects for the bold
> text to screw with your other users.
> 
> Use a BB style code, such as [b] for bold, [i] for italics, etc. This
> way, you only match pairs and replace them with HTML and use
> htmlentities on anything else. This way an unmatched [b] tag won't be
> replaced with <b> and mess up your code.
> 
> ---John W. Holmes...
> 
> PHP Architect - A monthly magazine for PHP Professionals. Get your copy
> today. http://www.phparch.com/
> 
> 
> 
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
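
The BB-code approach John describes above, sketched as an added example that is not part of the original thread. The function name `render_bbcode()` and the `b`/`i`/`u` whitelist are assumptions; it goes slightly beyond the message by using a stack so that mis-nested pairs are also left as plain text.

```php
<?php
// Added example. render_bbcode() and the $allowed whitelist are assumed names.
function render_bbcode(string $input): string
{
    $allowed = ['b', 'i', 'u'];          // emitted as bare tags, never with attributes
    $alt     = implode('|', $allowed);
    // Split into plain text and [tag] / [/tag] tokens, keeping the delimiters.
    $tokens  = preg_split("~(\[/?(?:$alt)\])~i", $input, -1,
                          PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);

    $stack = [];    // open tags awaiting a close: [token index, tag name]
    $html  = [];    // token index => HTML to emit for a matched tag
    foreach ($tokens as $i => $tok) {
        if (!preg_match("~^\[(/?)($alt)\]$~i", $tok, $m)) {
            continue;                    // plain text token
        }
        $name = strtolower($m[2]);
        if ($m[1] === '') {
            $stack[] = [$i, $name];      // opening tag
        } elseif ($stack && end($stack)[1] === $name) {
            [$open] = array_pop($stack); // properly nested pair
            $html[$open] = "<$name>";
            $html[$i]    = "</$name>";
        }
        // A stray or mis-nested closing tag falls through and stays text.
    }

    $out = '';
    foreach ($tokens as $i => $tok) {
        // Matched tags become HTML; everything else, including raw HTML
        // and unmatched BB tags, is escaped with htmlentities().
        $out .= $html[$i] ?? htmlentities($tok, ENT_QUOTES, 'UTF-8');
    }
    return $out;
}

// Constructed sample inputs, not taken from the thread.
$samples = [
    'A [b]bold[/b] and [i]italic[/i] word',
    'An unmatched [b] tag stays literal',
    'Mis-nested: [b][i]text[/b][/i]',
    'Raw HTML: <b onclick="x()">bold</b>',
];
foreach ($samples as $s) {
    echo render_bbcode($s), "\n";
}
```

Because escaping is the default and HTML is produced only from the whitelist, raw `<b>` tags with event-handler attributes are rendered as visible text rather than markup.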



