Good point, and I might end up doing just that if I can't find a
solution. The problem is that I'm considering using for some forms a
<textarea> wysiwyg replacement (e.g.,
http://www.interactivetools.com/products/htmlarea/ or
http://www.siteworkspro.com) that results in HTML output. And I wanted
to check the output of that to make sure there aren't any extraneous
tags.
Andy

> -----Original Message-----
> From: John W. Holmes [mailto:[EMAIL PROTECTED]
> Sent: Saturday, February 22, 2003 5:04 PM
> To: 'Andy Crain'; [EMAIL PROTECTED]
> Subject: RE: [PHP] preg_match question: locating unmatched HTML tags
> 
> Well, like someone else said, it's hard to look for and match stuff that
> isn't there. In addition to the security benefit, it's just easier to
> code something that looks for [b](.*)[/b] and replaces those tags with
> <b> and </b> (or <strong> and </strong> if you want to be technically
> correct).
> 
> Honestly, if you've got a small group of people like you say then just
> teach them HTML so they don't make mistakes like this. Or provide a
> "preview" mode so they can double check their work.
> 
> ---John W. Holmes...
> 
> PHP Architect - A monthly magazine for PHP Professionals. Get your copy
> today. http://www.phparch.com/
> 
> > -----Original Message-----
> > From: Andy Crain [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, February 22, 2003 4:54 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [PHP] preg_match question: locating unmatched HTML tags
> >
> > John,
> > Thanks. I'm considering that, but the application I'm working on is for
> > a small intranet that will be for only a small group of supervised
> > users, so vulnerability isn't such a large concern.
> > Andy
> >
> > > -----Original Message-----
> > > From: John W. Holmes [mailto:[EMAIL PROTECTED]
> > > Sent: Saturday, February 22, 2003 1:06 AM
> > > To: 'Andy Crain'; [EMAIL PROTECTED]
> > > Subject: RE: [PHP] preg_match question: locating unmatched HTML tags
> > >
> > > > I'm trying to build a regexp that would parse user-supplied text and
> > > > identify cases where HTML tags are left open or are not properly
> > > > matched - e.g., <b> tags without closing </b> tags. This is for a sort of
> > > > message board type of application, and I'd like to allow users to use
> > > > some HTML, but just would like to check to ensure that no stray tags are
> > > > input that would screw up the rest of the page's display. I'm new to
> > > > regular expressions, and the one below is as far as I've gotten. If
> > > > anyone has any suggestions, they'd be very much appreciated.
> > >
> > > Letting users enter HTML is a bad idea. Even if you only let them use
> > > <b> tags, they can still put ONCLICK and mouseover effects for the bold
> > > text to screw with your other users.
> > >
> > > Use a BB style code, such as [b] for bold, [i] for italics, etc. This
> > > way, you only match pairs and replace them with HTML and use
> > > htmlentities on anything else. This way an unmatched [b] tag won't be
> > > replaced with <b> and mess up your code.
> > >
> > > ---John W. Holmes...
> > >
> > >
> > >
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> >
> >
> 
> 




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
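
An added example, not code from the thread, of the approach John describes: escape everything with htmlentities, then turn only properly paired BB tags into HTML. The tag whitelist and the function name render_bbcode are assumptions made for illustration; unmatched or crossed tags are left as literal text so they cannot affect the rest of the page.

```php
<?php
// Added example (not from the thread). The tag map is an assumed whitelist.
const BB_TAGS = ['b' => 'strong', 'i' => 'em', 'u' => 'u'];

function render_bbcode(string $input): string
{
    // Escape first: any HTML the user typed, including attributes such as
    // onclick, becomes inert text. Square brackets are not affected.
    $safe = htmlentities($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $names  = implode('|', array_keys(BB_TAGS));
    $tokens = preg_split('~(\[/?(?:' . $names . ')\])~i', $safe, -1,
                         PREG_SPLIT_DELIM_CAPTURE);

    $out   = [];   // output pieces, in order
    $stack = [];   // open tags awaiting a close: [name, index into $out]

    foreach ($tokens as $tok) {
        if (!preg_match('~^\[(/?)(' . $names . ')\]$~i', $tok, $m)) {
            $out[] = $tok;                       // ordinary (escaped) text
            continue;
        }
        $name = strtolower($m[2]);
        if ($m[1] === '') {                      // opening tag: literal for now
            $stack[] = [$name, count($out)];
            $out[]   = $tok;
        } elseif ($stack && end($stack)[0] === $name) {
            $i       = array_pop($stack)[1];     // properly nested pair found
            $out[$i] = '<' . BB_TAGS[$name] . '>';
            $out[]   = '</' . BB_TAGS[$name] . '>';
        } else {
            $out[] = $tok;                       // stray close tag stays as text
        }
    }
    return implode('', $out);                    // unclosed opens remain as text
}

// Constructed sample inputs
$samples = [
    '[b]bold[/b] and [i]italic[/i]',
    'unclosed [b]bold tag',
    '<b onclick="x()">hi</b> [b]ok[/b]',
    '[b][i]crossed[/b][/i]',
];
foreach ($samples as $s) {
    echo render_bbcode($s), PHP_EOL;
}
```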
