neogemima Posted May 9, 2009 Share Posted May 9, 2009 Hello Everyone, So here's what's going on. I have a site where people can post news, etc. I would like it so that when they post news, they can format lists if they would like in the content using <ul> etc. tags if they choose. This however presents a security issue in my php code because people can also put javascript into the content and make the site display weird things etc. Right now I am using htmlentities() in my php upload script to make sure no malicious scripts are recognized in the posted forms. How can I keep this AND let people be able to insert lists? Link to comment https://forums.phpfreaks.com/topic/157519-solved-php-input-problems/ Share on other sites More sharing options...
gevans Posted May 9, 2009 Share Posted May 9, 2009 You need to use some bbcode, have a look at this link http://www.sitepoint.com/article/bb-code-php-application/ Have a look and a play. If it doesn't make sense, or you get lost/stuck give us a shout! Link to comment https://forums.phpfreaks.com/topic/157519-solved-php-input-problems/#findComment-830488 Share on other sites More sharing options...
ohdang888 Posted May 9, 2009 Share Posted May 9, 2009 you can use strip_tags, which gives you the option of allowing only certain tags, like "<ul>" http://php.net/strip_tags Link to comment https://forums.phpfreaks.com/topic/157519-solved-php-input-problems/#findComment-830492 Share on other sites More sharing options...
neogemima Posted May 9, 2009 Author Share Posted May 9, 2009 I'm not that great with bbcode as I have not implemented it before. I like the strip tags option though. Thanks to both of you. I will be looking into bbcode for subsequent updates where I can use buttons similar to this site for formatting. Link to comment https://forums.phpfreaks.com/topic/157519-solved-php-input-problems/#findComment-830536 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.