very confuse with embed codes!!

[kucing]

Hello every one..
First I want to thanks in advance who gonna spent some of there time to help me out :)

Well.. I found that few of my users are playing around with these codes and its making my site and many pages dead.. they are not loading at all..

So I am here for your kind help..

I tried stoping it using preg_match  [code]<embed[^>].*embed>[/code]
But it only effect for the good codes and bad codes are still there.. even thought I can delete it if someone post it again but need a perfect solution..

[b]Good Codes:[/b]
[code]<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/dZ7h8q4kMBE_E"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/dZ7h8q4kMBE_E" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"></embed></object>[/code]

[b]Bad Codes:[/b]
[code]<object width="425" height="350"><param name="movie" value="http://www.yo utube.com/v/aa$$33ffZZxx uot;></param>< ;param name="wmode" value="transparent&q uot;></param>< ;embed src="http://www.yout ube.com/v/aa$$33ffZZxxuo t; type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"> ;</embed></objec t>[/code]

[effigy]

Can you be more specific? Are you trying to remove all embed tags?

[kucing]

Hi..

Actually I am looking for a way where my script should understand like between bad codes and good codes and delete the bad ones..


[quote author=effigy link=topic=124875.msg518040#msg518040 date=1170257508]
Can you be more specific? Are you trying to remove all embed tags?
[/quote]

[effigy]

By "good" do you mean properly formatted (valid)? Users should be allowed to use object, param, and embed tags as long as they conform to HTML, basically, right?

[kucing]

Exactly thats the thing I am looking for and mine regexp seems not working as I want them to work :(


[quote author=effigy link=topic=124875.msg518080#msg518080 date=1170259598]
By "good" do you mean properly formatted (valid)? Users should be allowed to use object, param, and embed tags as long as they conform to HTML, basically, right?
[/quote]

[effigy]

OK. Are those tags always required, and only those tags? Meaning, an object tag must contain two param tags, one for "movie" and one for "wmode." And it must also contain 1 embed tag? What about the attributes? Are those always required?

[kucing]

Hi..

Yes in normal case it would be, as many of my members started putting their fav movies from google video and youtube but I also have seen few putting their photo album using slide means there is no <object> or <param> but it only has <embed> tags is attributes you mean "value" or "<param name="allowScriptAccess" value="never">"..

and effigy I will appreciate your help :)

Thanks

[effigy]

Here's an example. Keep in mind that I am checking formatting, not validity. Also, it's only checking for double-quoted attributes:

[code]
<?php
$tests = array(
### Good
'<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/dZ7h8q4kMBE_E"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/dZ7h8q4kMBE_E" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"></embed></object>',
### Bad
'<object width="425" height="350"><param name="movie" value="http://www.yo utube.com/v/aa$$33ffZZxx uot;></param>< ;param name="wmode" value="transparent&q uot;></param>< ;embed src="http://www.yout ube.com/v/aa$$33ffZZxxuo t; type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"> ;</embed></objec t>'
);

foreach ($tests as $test) {
// How many tags are there?
$tags = preg_match_all('%<[^>]+>%', $test, $matches);
$number_of_tags = count($matches[0]);
// How many properly formatted tags are there?
preg_match_all('%</?[a-z]+(?:\s+[a-z]+="[^"]+")*>%', $test, $matches);
$number_of_tags_format_ok = count($matches[0]);
// These should match.
echo ($number_of_tags == $number_of_tags_format_ok) ?
'Tags are OK' : 'Tags are not OK';
echo '<br>';
}
?>
[/code]