Codegrrl.com Forums > HTML tags in comments?

Codegrrl.com Forums > Script Help > Tutorial Help

Sairah

Apr 15 2008, 02:57 PM

The title and description pretty much tells it all. I want certain html tags to be allowed in comments, so I've been playing around with the allowable_tags feature...but I can't get the syntax to be "proper" enough to be read. I've tried various combinations of this line in my process.php page:

CODE

$comment = htmlspecialchars(strip_tags($comment,",,<a>,<img>"($_POST['comment'])));

Is there a right way of doing this? Or is this another one of those things where I'm just being a problem child? =/ Any and all help would be appreciated! ^__^

Jamie

Apr 15 2008, 05:09 PM

I don't allow html but I allow like [strong][/strong], [em][/em] and then I replace that later on with the correct tags. Someone can correct me if I'm wrong, but I think that is a more secure way to do it.

Amelie

Apr 15 2008, 05:34 PM

I wouldn't allow any HTML in your comments - it doesn't matter which tags you allow or deny, they can pretty much all be injected with JavaScript and other malicious coding which can mess up your site and blog.

I'd recommend BBCode like Jamie suggested. Just use something like this:

CODE

$bbcode_open = array('[b]', '[i]', '[u]');
$html_open = array('', '', '');

$bbcode_close = array('[/b]', '[/i]', '[/u]');
$html_close = array('', '', '');

$comment = str_replace($bbcode_open, $html_open, $comment);
$comment = str_replace($bbcode_close, $html_close, $comment);

loadx

Apr 16 2008, 01:24 AM

*cough*PEAR*cough*
http://www.sitepoint.com/article/bb-code-php-application

enjoy.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.