open html tags

Discussion in 'HTML' started by ffreino@gmail.com, Sep 24, 2007.

  1. Guest

    Hi,
    I have a web page where users can post messages and these are printed
    on a board. Sometimes, when a user send a message with a open tag, for
    example:

    This is my message in <b>bold</b> and <i>italic</i> and this is a open
    <a href='http://domain

    produces a problem in the rest of the page (when they are printed on
    the board)

    I have tried to wrap messages in a <table>, <div> or <span> but this
    problem persists.

    Is there any way to avoid this? I think I could fix the problem using
    frames or something like that but I think there should be a smarter
    way.

    Thanks in advance.
    , Sep 24, 2007
    #1
    1. Advertising

  2. Scripsit :

    > I have a web page where users can post messages and these are printed
    > on a board.


    Why, oh why? If you don't know how to handle HTML input, treat the input as
    plain text. This might be a good idea even if you knew how to handle HTML
    input.

    > Sometimes, when a user send a message with a open tag, for
    > example:
    >
    > This is my message in <b>bold</b> and <i>italic</i> and this is a open
    > <a href='http://domain
    >
    > produces a problem in the rest of the page (when they are printed on
    > the board)


    Not a big surprise. If you don't check the input, disaster may result, and
    on the Internet, this means that disaster _will_ result. You haven't got
    nasty <iframe> viruses and <embed> annoyance and lots of <a> spam _yet_, I
    suppose.

    > I have tried to wrap messages in a <table>, <div> or <span> but this
    > problem persists.


    What made you think such tricks could possibly help?

    > Is there any way to avoid this?


    Do you really need the input possibility? Why? What does it contribute,
    really, that everyone and his dog and robot can puke on your page?

    If you really need it, does it need to allow HTML format?

    If yes, then stay tuned to some hard work. You would need to define the
    syntax of HTML you really want to accept (say, <b> is fine, <iframe> is not,
    etc.), parse the input to check that it is followed, and process it
    accordingly. You might be able to find existing software for this, but
    checking whether some software really does the job may well be more work
    than writing such software. (If you don't know how to write such stuff, in
    principle that is, then you're really not qualified to evaluate existing
    software in this issue, even at the simple level of deciding whether it's
    useful or yet another Troyan horse or something like that.)

    > I think I could fix the problem using
    > frames or something like that but I think there should be a smarter
    > way.


    Frames are part of a problem, not a solution.

    --
    Jukka K. Korpela ("Yucca")
    http://www.cs.tut.fi/~jkorpela/
    Jukka K. Korpela, Sep 24, 2007
    #2
    1. Advertising

  3. On Mon, 24 Sep 2007 07:35:32 -0700, wrote:

    > Hi,
    > I have a web page where users can post messages and these are printed
    > on a board. Sometimes, when a user send a message with a open tag, for
    > example:
    >
    > This is my message in <b>bold</b> and <i>italic</i> and this is a open
    > <a href='http://domain


    Assuming that HTML comments are not allowed inside tags could you try
    putting <!-- > --> after the user input. This should fix an open tag
    but not necessarily an open element.

    --
    Steven
    Steven Saunderson, Sep 24, 2007
    #3
  4. Steven Saunderson wrote:
    > On Mon, 24 Sep 2007 07:35:32 -0700, wrote:
    >
    >> Hi,
    >> I have a web page where users can post messages and these are printed
    >> on a board. Sometimes, when a user send a message with a open tag, for
    >> example:
    >>
    >> This is my message in <b>bold</b> and <i>italic</i> and this is a open
    >> <a href='http://domain

    >
    > Assuming that HTML comments are not allowed inside tags could you try
    > putting <!-- > --> after the user input. This should fix an open tag
    > but not necessarily an open element.
    >

    Is that effective when there's an open single or double quote delimiting
    an attribute value?
    Harlan Messinger, Sep 24, 2007
    #4
  5. On Mon, 24 Sep 2007 16:42:07 -0400, Harlan Messinger
    <> wrote:

    > Steven Saunderson wrote:
    > > Assuming that HTML comments are not allowed inside tags could you try
    > > putting <!-- > --> after the user input. This should fix an open tag
    > > but not necessarily an open element.
    > >

    > Is that effective when there's an open single or double quote delimiting
    > an attribute value?


    Good point; it probably won't work. I suppose the OP will have to
    validate everything or change all < to &lt;.

    --
    Steven
    Steven Saunderson, Sep 25, 2007
    #5
  6. Guest

    Ok, I'll try to focus my problem ;)
    When an user posts a message, I use php function 'strip_tags' to allow
    only some tags.

    strip_tags($text, '<b><i><u><br><a><q><image>')

    I think I could use regex to close open tags but I would like to try
    something easier. Moreover, I must check open quotes and so on.
    I would like to try something easier and faster (and probably
    worse) :)
    I think I'll have to choose the hard and long way



    On 25 sep, 08:20, Steven Saunderson <> wrote:
    > On Mon, 24 Sep 2007 16:42:07 -0400, Harlan Messinger
    >
    > <> wrote:
    > > Steven Saunderson wrote:
    > > > Assuming that HTML comments are not allowed inside tags could you try
    > > > putting <!-- > --> after the user input. This should fix an open tag
    > > > but not necessarily an open element.

    >
    > > Is that effective when there's an open single or double quote delimiting
    > > an attribute value?

    >
    > Good point; it probably won't work. I suppose the OP will have to
    > validate everything or change all < to &lt;.
    >
    > --
    > Steven
    , Sep 25, 2007
    #6
  7. Neredbojias Guest

    Well bust mah britches and call me cheeky, on Tue, 25 Sep 2007 11:04:57
    GMT scribed:

    > Ok, I'll try to focus my problem ;)
    > When an user posts a message, I use php function 'strip_tags' to allow
    > only some tags.
    >
    > strip_tags($text, '<b><i><u><br><a><q><image>')
    >
    > I think I could use regex to close open tags but I would like to try
    > something easier. Moreover, I must check open quotes and so on.
    > I would like to try something easier and faster (and probably
    > worse) :)
    > I think I'll have to choose the hard and long way


    You'd be better off working from the other direction: change all input to
    text, then html-ize only those tags you want. I just got through doing a
    whole bunch of this stuff and it isn't particularly that bad. However,
    regex expressions are definitely a boon to the endeavor.

    --
    Neredbojias
    Half lies are worth twice as much as whole lies.
    Neredbojias, Sep 26, 2007
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dean H. Saxe
    Replies:
    0
    Views:
    1,015
    Dean H. Saxe
    Jan 3, 2004
  2. Rob Nicholson
    Replies:
    3
    Views:
    681
    Rob Nicholson
    May 28, 2005
  3. Donald Firesmith

    html tags within meta tags allowed?

    Donald Firesmith, Jan 5, 2005, in forum: XML
    Replies:
    5
    Views:
    873
    Andy Dingley
    Jan 8, 2005
  4. Replies:
    3
    Views:
    503
    David Carlisle
    Jun 23, 2005
  5. Replies:
    10
    Views:
    750
    Spartanicus
    May 16, 2006
Loading...

Share This Page