GB_001 Posted June 28, 2008

Hello, I am trying to create a textbox in which you can use HTML, but the only problem is that I don't know how you disable JavaScript from it. Can anyone please tell me how? Thank you, GB.
xtopolis Posted June 28, 2008

Just filter out the keywords, ie: "javascript:" "<script", AND replace the "<" ">" tags with their special equivs &lt; &gt;. Afaik you should be safe if you replace their <, > tags with the &lt;/&gt; and display it.

The best bet is to use the BBC method. Change all < and > tags to something, ie: [ and ]. Then do a replace for ALLOWED html, like the example below. Or just use &lt;/&gt;

```php
<?php
// Sample input standing in for the submitted form field
$_POST['text'] = "<b>Hi</b><script type='text/javascrip'>alert('haxor')</script>";
// Turn every < and > into [ and ] so no HTML tag survives
$_POST['text'] = str_replace(">","]",str_replace("<","[",$_POST['text']));
// Convert only the allowed tags back to real HTML
$_POST['text'] = str_replace("[b]","<b>",$_POST['text']);
$_POST['text'] = str_replace("[/b]","</b>",$_POST['text']);
echo $_POST['text'];
// Outputs <b>Hi</b>[script type='text/javascrip']alert('haxor')[/script]
?>
```

You also need to accommodate the inline javascript stuff. <a href="javascript:alert()">Link</a>, just a heads up.
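An added example, not part of either post: the escape-then-allowlist approach from the reply above, generalized to several attribute-free formatting tags and to links whose href is an absolute http(s) URL, so that `javascript:` hrefs and inline event handlers stay escaped text. The function name `render_limited_html`, the tag list and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. render_limited_html() and its
// tag allowlist are hypothetical names/choices made for illustration.
function render_limited_html(string $input): string
{
    // 1. Escape everything: < > & " ' all become entities, so nothing the
    //    user typed can open a tag or break out of an attribute value.
    $safe = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Re-enable only bare formatting tags. A tag carrying any attribute
    //    (onclick=, style=, ...) does not match and stays visible text.
    //    On a PCRE error, keep the fully escaped text.
    $safe = preg_replace('#&lt;(/?(?:b|i|u|em|strong))&gt;#i', '<$1>', $safe) ?? $safe;

    // 3. Re-enable links only when href is an absolute http(s) URL. The URL
    //    may contain "&" only as "&amp;", so it cannot hold an escaped quote
    //    or bracket, and javascript:/data: schemes never match.
    $url = 'https?://[^\s&]+(?:&amp;[^\s&]+)*';
    $safe = preg_replace(
        '#&lt;a href=&quot;(' . $url . ')&quot;&gt;(.*?)&lt;/a&gt;#is',
        '<a href="$1" rel="nofollow noopener">$2</a>',
        $safe
    ) ?? $safe;

    return $safe;
}

// Constructed sample inputs, including the two cases raised in the thread.
$samples = [
    "<b>Hi</b><script type='text/javascript'>alert('haxor')</script>",
    '<a href="javascript:alert()">Link</a>',
    '<a href="https://example.com/?a=1&b=2">ok</a> <b onclick="x()">no</b>',
];

foreach ($samples as $sample) {
    echo render_limited_html($sample), PHP_EOL;
}
```

Because escaping happens first and only exact, attribute-free patterns are converted back, anything the patterns do not recognise is displayed as literal text instead of being interpreted by the browser.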
This topic is now archived and is closed to further replies.