Jump to content
  • Advertisement
Sign in to follow this  
Cygnus_X

[web] Forum Text Formatting

This topic is 4861 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Anyone know of any open source php code that saves/echo's forum text properly to a browser? I've got a web forum in a Mud I'm beta testing that lets users on the same team post private messages.... but I've ran into a problem where people put stuff like </font> in the text and </table>.. etc just to screw things up. I know there are php functions like htmlentities() (which is what I'm currently using) that sort through that kind of crap, but I want people to still be able to post clickable links, let the return key add a return to the text, and other legit stuff of that nature. Anyways, thanks in advance.

Share this post


Link to post
Share on other sites
Advertisement
A full blown parser like konForce posted is a good solution, though it's rather large. Here are other options:

1) use strip_tags. It kills all HTML tags but lets you specify a list of allowed tags. Allow stuff like a,b,i,u,br,ecetera. Downside: people can still use jacasvript to do nasty things. E.g: <a href="url" onmouseover="nasty_js_here">click me!</a>

2) The MediaWiki project has some nice HTML stripper code in includes/parser.php that lets you not only filter HTML tags (instead of removing them, it quotes them with htmlspecialchars) but also lets you define a list of allowed tags AND a list of allowed attributes (e.g. you can allow a href="" attribute but remove any onmouseover's).

What I did for my latest project is re-implement the mediawiki parser in it's entirety, but suitable for forum-like posts. Meaning: You can use wikitext syntax to format your posts. I support about 90% of the mediawiki syntax. I only left out the page/article specific commands that would make no sense in a message-like system (stuff like subpages, templates and automatic table of contents generation).

Share this post


Link to post
Share on other sites
I guess on way to do it is to parse the post into a HTML document fragment, using the DOM loadHTML method, then strip out unwanted elements, attributes, before building it back into a string.

That would certainly be the safest, people's HTML will always end up well-formed regardless of what they type.

Mark

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

GameDev.net is your game development community. Create an account for your GameDev Portfolio and participate in the largest developer community in the games industry.

Sign me up!