FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Help with regex
Re: Help with regex [message #184965 is a reply to message #184954] Thu, 20 February 2014 06:29
Peter H. Coffin
On Wed, 19 Feb 2014 07:17:17 -0800 (PST), knal wrote:

> I am aware of the security issues, but the users are part of a
> restricted group submitting to a restricted part of the website. I do
> however filter the input for SQL injections etc, just to be sure.

Okay, if they're part of a limited and presumably trusted group, just
let 'em loose to write whatever HTML they want. Or don't give them any
at all.

The core point is that the thing that you're asking to do is a Very Hard
Problem. It's so hard, in fact, that most places that would otherwise
allow limited markup, like you're proposing to do, tend to do it by using
their OWN markup tags, invalidating actual HTML (a la htmlentities();),
and then parsing for their own tags and substituting real HTML tags on
the output side. Because that's WAY LESS WORK and a lot more reliable
than what you're hoping to do.

--
10. I will not interrogate my enemies in the inner sanctum -- a small
hotel well outside my borders will work just as well.
--Peter Anspach's list of things to do as an Evil Overlord
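
The approach described in the post above (escape all real HTML, then turn a small private tag set into fixed HTML on output), sketched as an added example that is not part of the original message. The function name and the `[b]`, `[i]` and `[url=...]` tags are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration: render a private markup ([b], [i], [url=...]; all
// hypothetical names) without ever trusting user-supplied HTML.
function render_limited_markup(string $input): string
{
    // Step 1: invalidate actual HTML. After this call no "<", ">", "&" or
    // quote character typed by the user reaches the browser unescaped.
    $safe = htmlentities($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Step 2: paired tags map to fixed, attribute-free elements, so the
    // user controls only the (already escaped) text between them.
    foreach (['b' => 'strong', 'i' => 'em'] as $tag => $html) {
        $safe = preg_replace(
            '~\[' . $tag . '\](.*?)\[/' . $tag . '\]~is',
            '<' . $html . '>$1</' . $html . '>',
            $safe
        ) ?? $safe; // keep the escaped text if PCRE reports an error
    }

    // Step 3: a link carries an attribute, so only an explicit http(s)
    // scheme is accepted; anything else stays as inert escaped text.
    // $1 is already entity-escaped and cannot close the href attribute.
    $safe = preg_replace(
        '~\[url=(https?://[^\]\s]+)\](.*?)\[/url\]~is',
        '<a href="$1" rel="nofollow noopener">$2</a>',
        $safe
    ) ?? $safe;

    return nl2br($safe);
}

// Constructed sample input: raw HTML, a rejected scheme, an accepted link.
$sample = "[b]Hello[/b] <b onclick=\"x()\">raw HTML</b>\n"
        . "[url=javascript:void(0)]rejected[/url] "
        . "[url=https://example.com/?a=1&b=2]accepted[/url]";

echo render_limited_markup($sample), "\n";
```

Mis-nested input such as `[b][i]x[/b][/i]` yields mis-nested but attribute-free elements; the raw `<b onclick=...>` in the sample is emitted as escaped text.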