I'm allowing my users to use a very basic wysiwyg editor to make their posts a bit more fancy; however, I would assume that this gives them the ability to put raw HTML into their posts? So how would I limit the HTML to only what the editor supports (e.g: images, font color, bold, italics, and strike).


You can use regular expressions to filter user input.

 

For example, you have the submit button for the textarea which has a name of, say, "newpost".

You can just generally filter out HTML tags to only allow wysiwyg tags (BBCode, to be exact) with regular expressions. An example below.

 

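$post = isset($_POST["newpost"]) && !empty($_POST["newpost"]) ? $_POST["newpost"] : "";
if ($post) {
    // Strip everything between < and >. PHP's PCRE has no "g" flag: preg_replace()
    // already replaces every match, and it needs the subject string as third argument.
    $post = preg_replace("#<(.*?)>#s", "", $post);
    # modify the string further now
}

You can also use a predefined editor for this, such as the SCEditor (being used by a free forum host which I frequently use) or others.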
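
Added example, not part of either post above: the regular expression in the reply strips every tag, so it cannot keep the formatting the question asks for (images, font color, bold, italics, strike). One way to keep only those is to parse the submitted HTML and apply an allowlist of tags and attributes. The names `COLOR`, `ALLOWED`, `clean_node` and `sanitize_post` and the exact tag list are assumptions made for this example.

```php
<?php
// Added example, not from the thread; function and constant names are hypothetical.
// ALLOWED maps tag => [attribute => regex the whole attribute value must match].
const COLOR = '(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z]{3,20}|rgb\(\d{1,3},\s*\d{1,3},\s*\d{1,3}\))';
const ALLOWED = [
    'b' => [], 'strong' => [], 'i' => [], 'em' => [], 's' => [], 'strike' => [], 'br' => [], 'p' => [],
    'font' => ['color' => '/^' . COLOR . '$/iD'],
    'span' => ['style' => '/^color:\s*' . COLOR . ';?$/iD'],
    'img'  => ['src' => '#^https?://[^\s"\'<>]+$#iD', 'alt' => '/^[^<>"]{0,200}$/D'],
];

function clean_node(DOMNode $parent): void
{
    foreach (iterator_to_array($parent->childNodes) as $node) {
        if ($node->nodeType === XML_TEXT_NODE) { continue; }   // text is escaped on output
        $tag = $node->nodeType === XML_ELEMENT_NODE ? strtolower($node->nodeName) : null;
        if ($tag === null || in_array($tag, ['script', 'style', 'iframe', 'object'], true)) {
            $parent->removeChild($node);                       // comments, CDATA, active content
            continue;
        }
        clean_node($node);                                     // sanitize descendants first
        if (!array_key_exists($tag, ALLOWED)) {                // unknown tag: keep cleaned children
            while ($node->firstChild) { $parent->insertBefore($node->firstChild, $node); }
            $parent->removeChild($node);
            continue;
        }
        foreach (iterator_to_array($node->attributes) as $attr) {
            $rule = ALLOWED[$tag][strtolower($attr->nodeName)] ?? null;
            if ($rule === null || !preg_match($rule, $attr->value)) {
                $node->removeAttributeNode($attr);             // not allowlisted or bad value
            }
        }
        if ($tag === 'img' && !$node->hasAttribute('src')) {
            $parent->removeChild($node);                       // no safe URL left: drop the image
        }
    }
}

function sanitize_post(string $html): string
{
    $doc = new DOMDocument();
    // The XML prolog forces UTF-8; the explicit <body> gives a known root to serialize from.
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $body = $doc->getElementsByTagName('body')->item(0);
    clean_node($body);
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($body->childNodes)));
}
// Constructed sample input, not taken from the thread.
echo sanitize_post('<b onclick="x()">hi</b><script>y()</script><img src="javascript:z()">'), "\n";
```

Anything that is not an allowlisted tag or attribute is either removed or serialized as escaped text by `saveHTML()`, so it cannot reach the page as markup. A maintained sanitizer such as HTML Purifier covers far more edge cases than this.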