redarrow, posted March 21, 2007:
Very simple, but looks great. Good layout, well done.
cmgmyr, posted March 21, 2007:
I like it too, good job and keep up the good work!
tomfmason, posted March 22, 2007:
I like the idea and I have written something like this for a client in the past. Overall I like your script. However, I see that you did not really take any measures to prevent XSS. You can test this by typing the following bbcode: [nobbc][url =javascript:alert('Simple xss attack');]Simple xss attack[/url][nobbc]. There should be a simple fix for this and, as a general rule, if possible, I would avoid using eval(). Also, here are some nice articles on XSS and its prevention:
http://www-128.ibm.com/developerworks/web/library/wa-secxss/?ca=dnt-55
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/cross-site-malicious-content.html
http://weblogs.java.net/blog/gmurray71/archive/2006/09/preventing_cros.html
Edit: I had to add a space between url and the = in the example bbcode. And you will need to remove the nobbc tags.
Lumio (author), posted March 22, 2007:
Thank you for posting that. I'll fix it.