Debugging my strip comments form

[giraffemedia]

Hello,

 

i've put together a little page to strip html comments from a dreamweaver template that I use for putting newsletters together. It's working fine now but i'd appreciate any input on the security side of things or general comments if you have any.

 

I'm also looking to get the form to check for any comments embedded within comments to sort out any that have nested (not that they should be - but you never know) but i'm not sure on the regex for that so if anyone has any ideas that would be great.

 

Thanks

 

James

 

<? 
if (isset($_POST['submit'])) { // If the form has been submitted

$input_string = stripslashes($_POST['input']); // Stripslahes from the html

  $result = preg_replace('/<!--(.|\s)*?-->/', '', $input_string); // Replace the opening and closing comments tags with nothing
  
}

$result = htmlentities($result); // Keep the output as html code rather than the browser interpreting the code and showing the actual page

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Strip Comments for Newsletter</title>
<style>

body {margin:10px auto; text-align:center; font-family:"Lucida Sans Unicode", "Lucida Grande", sans-serif; font-size:12px;}
fieldset {padding:30px; border:none; background-color:#CCC;}
legend {background-color:#666; padding:5px 20px;color:#FFF;}
textarea {width:100%; font-size:11px; line-height:20px; padding-left:10px;}

</style>
</head>

<body>

<div style="margin:10px 200px;">

<h1>Strip Comments</h1>

<p>This script will strip out html comments from a web page but preserve the rest of it.</p>

<p>Simply paste the html into input and click 'Strip'. You will then be presented with the stripped version.</p>

<form action="" method="post" name="input" target="_self">

<fieldset>

    <legend>Input</legend>
    
    <textarea name="input" rows="10"><? echo $input_string; // Keep the code i've just stripped ?></textarea>
            
<br />

<input name="submit" type="submit" value="Strip it baby!" />
        
</fieldset>

<br /><br /><br />

<? 

if (isset($_POST['submit']) && (!empty($result))) { echo '

<fieldset>

<legend>Output</legend>

<textarea name="output_text" rows="10" >' . $result . '</textarea>

<br />

<input type="button" value="Select All" onClick="javascript:this.form.output_text.focus();this.form.output_text.select();"> 

</fieldset>';} else {} // Return the output in a new fieldset with a button to select the code

?>

</form>

</div>

</body>

</html>

[MadTechie]

Security seams okay, comments in comments will fail

in fact I would use this RegEX

'/<!--.*?-->/si'

(that doesn't support comments in comments either)

for example, this will fail

<!--
test 
<!--
another comment- ->
-->
test
-->

Leaving

test

-->

 

 

I'll move this to the RegEx section if you like

[giraffemedia]

I'll move this to the RegEx section if you like

 

No worries - thanks for your help.