open html tags

F

ffreino

Hi,
I have a web page where users can post messages and these are printed
on a board. Sometimes, when a user send a message with a open tag, for
example:

This is my message in <b>bold</b> and <i>italic</i> and this is a open
<a href='http://domain

produces a problem in the rest of the page (when they are printed on
the board)

I have tried to wrap messages in a <table>, <div> or <span> but this
problem persists.

Is there any way to avoid this? I think I could fix the problem using
frames or something like that but I think there should be a smarter
way.

Thanks in advance.
 
J

Jukka K. Korpela

Scripsit (e-mail address removed):
I have a web page where users can post messages and these are printed
on a board.

Why, oh why? If you don't know how to handle HTML input, treat the input as
plain text. This might be a good idea even if you knew how to handle HTML
input.
Sometimes, when a user send a message with a open tag, for
example:

This is my message in <b>bold</b> and <i>italic</i> and this is a open
<a href='http://domain

produces a problem in the rest of the page (when they are printed on
the board)

Not a big surprise. If you don't check the input, disaster may result, and
I have tried to wrap messages in a <table>, <div> or <span> but this
problem persists.

What made you think such tricks could possibly help?
Is there any way to avoid this?

Do you really need the input possibility? Why? What does it contribute,
really, that everyone and his dog and robot can puke on your page?

If you really need it, does it need to allow HTML format?

If yes, then stay tuned to some hard work. You would need to define the
syntax of HTML you really want to accept (say, <b> is fine, <iframe> is not,
etc.), parse the input to check that it is followed, and process it
accordingly. You might be able to find existing software for this, but
checking whether some software really does the job may well be more work
than writing such software. (If you don't know how to write such stuff, in
principle that is, then you're really not qualified to evaluate existing
software in this issue, even at the simple level of deciding whether it's
useful or yet another Troyan horse or something like that.)
I think I could fix the problem using
frames or something like that but I think there should be a smarter
way.

Frames are part of a problem, not a solution.
 
S

Steven Saunderson

Hi,
I have a web page where users can post messages and these are printed
on a board. Sometimes, when a user send a message with a open tag, for
example:

This is my message in <b>bold</b> and <i>italic</i> and this is a open
<a href='http://domain

Assuming that HTML comments are not allowed inside tags could you try
putting <!-- > --> after the user input. This should fix an open tag
but not necessarily an open element.
 
H

Harlan Messinger

Steven said:
Assuming that HTML comments are not allowed inside tags could you try
putting <!-- > --> after the user input. This should fix an open tag
but not necessarily an open element.
Is that effective when there's an open single or double quote delimiting
an attribute value?
 
S

Steven Saunderson

Is that effective when there's an open single or double quote delimiting
an attribute value?

Good point; it probably won't work. I suppose the OP will have to
validate everything or change all < to &lt;.
 
F

ffreino

Ok, I'll try to focus my problem ;)
When an user posts a message, I use php function 'strip_tags' to allow
only some tags.

strip_tags($text, '<b><i><u><br><a><q><image>')

I think I could use regex to close open tags but I would like to try
something easier. Moreover, I must check open quotes and so on.
I would like to try something easier and faster (and probably
worse) :)
I think I'll have to choose the hard and long way
 
N

Neredbojias

Well bust mah britches and call me cheeky, on Tue, 25 Sep 2007 11:04:57
GMT scribed:
Ok, I'll try to focus my problem ;)
When an user posts a message, I use php function 'strip_tags' to allow
only some tags.

strip_tags($text, '<b><i><u><br><a><q><image>')

I think I could use regex to close open tags but I would like to try
something easier. Moreover, I must check open quotes and so on.
I would like to try something easier and faster (and probably
worse) :)
I think I'll have to choose the hard and long way

You'd be better off working from the other direction: change all input to
text, then html-ize only those tags you want. I just got through doing a
whole bunch of this stuff and it isn't particularly that bad. However,
regex expressions are definitely a boon to the endeavor.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top