GB_001
Posted June 28, 2008

Hello, I am trying to create a textbox in which you can use html, but the only problem is that I don't know how you disable javascript from it. Can anyone please tell me how?

Thank you, GB.

xtopolis
Posted June 28, 2008

Just filter out the keywords, i.e. "javascript:" "<script", AND replace the "<" ">" tags with their special equivs &lt; &gt;.

AFAIK you should be safe if you replace their <, > tags with the &lt;/&gt; and display it.

The best bet is to use the BBC method. Change all < and > tags to something, i.e. [ and ]. Then do a replace for ALLOWED html, like the example below. Or just use &lt;/&gt;

```php
<?php
// Sample submission: one allowed tag (<b>) plus a script block.
$_POST['text'] = "<b>Hi</b><script type='text/javascript'>alert('haxor')</script>";

// Turn every < and > into [ and ] so nothing is parsed as HTML.
$_POST['text'] = str_replace(">", "]", str_replace("<", "[", $_POST['text']));

// Convert only the exact allowed tags back to real HTML.
$_POST['text'] = str_replace("[b]", "<b>", $_POST['text']);
$_POST['text'] = str_replace("[/b]", "</b>", $_POST['text']);

echo $_POST['text'];
// Outputs: <b>Hi</b>[script type='text/javascript']alert('haxor')[/script]
?>
```

You also need to accommodate the inline javascript stuff. <a href="javascript:alert()">Link</a>, just a heads up.
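
The escape-then-allow idea from the reply above, sketched with entity escaping instead of bracket substitution. This is an added example, not code from the thread; the function name `render_limited_html` and the tag allowlist are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Hypothetical helper: escape all
// markup first, then re-enable only bare tags from an allowlist.
function render_limited_html(string $input, array $allowed = ['b', 'i', 'u', 'em', 'strong']): string
{
    // 1. Neutralise everything: < > & " ' all become entities, so the
    //    browser treats the whole submission as text.
    $safe = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Restore only exact opening/closing tags with no attributes,
    //    e.g. &lt;b&gt; and &lt;/b&gt;. A tag carrying any attribute
    //    (href=, an event handler) does not match and stays escaped,
    //    which covers the inline javascript case as well.
    $names = implode('|', array_map(fn($t) => preg_quote($t, '~'), $allowed));
    return preg_replace('~&lt;(/?)(' . $names . ')&gt;~i', '<$1$2>', $safe);
}

// Constructed sample inputs: the thread's two cases plus an allowed tag
// with an attribute and a mixed-case tag.
$samples = [
    "<b>Hi</b><script type='text/javascript'>alert('haxor')</script>",
    '<a href="javascript:alert()">Link</a>',
    '<b onmouseover="alert(1)">hover</b>',
    '<B>caps</B> and <i>italic</i>',
];

foreach ($samples as $s) {
    echo render_limited_html($s), PHP_EOL;
}
```

Because the allowlist matches whole tags only, adding a tag that needs attributes (such as a link) requires separate validation of each attribute value rather than widening the pattern.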