MySQL_Narb Posted September 1, 2013 Share Posted September 1, 2013 I'm allowing my users to use a very basic wysiwyg editor to make their posts a bit more fancy; however, I would assume that this gives them the ability to put raw HTML into their posts? So how would I limit the HTML to only what the editor supports (e.g: images, font color, bold, italics, and strike). Link to comment https://forums.phpfreaks.com/topic/281764-how-do-wysiwyg-editors-work/ Share on other sites More sharing options...
Irate Posted September 1, 2013 Share Posted September 1, 2013 You can use regular expressions to filter user input. For example, you have the submit button for the textarea which has a name of, say, "newpost". You can just generally filter out HTML tags to only allow wysiwyg tags (BBCode, to be exact) with regular expressions. An example below. $post = isset($_POST["newpost"])&&!empty($_POST["newpost"])?$_POST["newpost"]:""; if($post) { $post = preg_replace("#<(.*?)>#gm",""); # modify the string further now }You can also a predefined editor for this, such as the SCEditor (being used by a free forum host which I frequently use) or others. Link to comment https://forums.phpfreaks.com/topic/281764-how-do-wysiwyg-editors-work/#findComment-1447724 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.