MySQL_Narb Posted September 1, 2013 Share Posted September 1, 2013 I'm allowing my users to use a very basic wysiwyg editor to make their posts a bit more fancy; however, I would assume that this gives them the ability to put raw HTML into their posts? So how would I limit the HTML to only what the editor supports (e.g: images, font color, bold, italics, and strike). Quote Link to comment Share on other sites More sharing options...
Irate Posted September 1, 2013 Share Posted September 1, 2013 You can use regular expressions to filter user input. For example, you have the submit button for the textarea which has a name of, say, "newpost". You can just generally filter out HTML tags to only allow wysiwyg tags (BBCode, to be exact) with regular expressions. An example below. $post = isset($_POST["newpost"])&&!empty($_POST["newpost"])?$_POST["newpost"]:""; if($post) { $post = preg_replace("#<(.*?)>#gm",""); # modify the string further now }You can also a predefined editor for this, such as the SCEditor (being used by a free forum host which I frequently use) or others. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.