I have a site that allows people to create a text profile. There is a TEXTAREA field and I've noticed that it also allows people to insert HTML; any HTML! Does anyone know of a script, webpage, tutorial, or code snippet that would show how to limit their input to JUST TEXT? No markup. I was thinking of just killing the "<" and ">" and replacing them with "...". Please help. Thanks!
Here's a very robust script in PHP:

```php
/**
 * Remove HTML tags, including invisible text such as style and
 * script code, and embedded objects.  Add line breaks around
 * block-level tags to prevent word joining after tag removal.
 */
function strip_html_tags( $text )
{
    $text = preg_replace(
        array(
            // Remove invisible content
            '@<head[^>]*?>.*?</head>@siu',
            '@<style[^>]*?>.*?</style>@siu',
            '@<script[^>]*?.*?</script>@siu',
            '@<object[^>]*?.*?</object>@siu',
            '@<embed[^>]*?.*?</embed>@siu',
            '@<applet[^>]*?.*?</applet>@siu',
            '@<noframes[^>]*?.*?</noframes>@siu',
            '@<noscript[^>]*?.*?</noscript>@siu',
            '@<noembed[^>]*?.*?</noembed>@siu',
            // Add line breaks before and after blocks
            '@</?((address)|(blockquote)|(center)|(del))@iu',
            '@</?((div)|(h[1-9])|(ins)|(isindex)|(p)|(pre))@iu',
            '@</?((dir)|(dl)|(dt)|(dd)|(li)|(menu)|(ol)|(ul))@iu',
            '@</?((table)|(th)|(td)|(caption))@iu',
            '@</?((form)|(button)|(fieldset)|(legend)|(input))@iu',
            '@</?((label)|(select)|(optgroup)|(option)|(textarea))@iu',
            '@</?((frameset)|(frame)|(iframe))@iu',
        ),
        array(
            ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ',
            "\n\$0", "\n\$0", "\n\$0", "\n\$0", "\n\$0", "\n\$0",
            "\n\$0", "\n\$0",
        ),
        $text );
    return strip_tags( $text );
}
```

For more info: http://nadeausoftware.com/articles/2007/09/php_tip_how_strip_html_tags_web_page
There are plenty of scripts out there that do input filtering (that's basically what you want to do). Go to PHP Classes (phpclasses.org) and search for "php input filter".. there's a class there that does the job for you. If you want a full-featured app (rather than a class), the one I use is html purified.. (can't remember the URL offhand.. just google it).. If you are using Smarty as a template engine, the {strip}{/strip} tags will strip all HTML tags for you..
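A complementary way to get "just text" from the TEXTAREA, shown as an added example that is not code from any post in this thread: store the submission as plain text and encode it with `htmlspecialchars()` at output time, so anything typed is displayed literally instead of being parsed as markup. The function names and the 2000-character limit are hypothetical, the sample submission is constructed, and PHP 7.1+ with the mbstring extension is assumed.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.

/** Normalise a submitted profile to plain text for storage. */
function profile_to_plain_text(string $raw, int $maxChars = 2000): ?string
{
    // Reject input that is not valid UTF-8 instead of guessing an encoding.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return null;
    }
    // Unify line endings, then drop control bytes except tab and newline.
    $text = str_replace(array("\r\n", "\r"), "\n", $raw);
    $text = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $text);
    // Trim and cap the length in characters, not bytes.
    return mb_substr(trim($text), 0, $maxChars, 'UTF-8');
}

/** Encode stored plain text for output inside an HTML element body. */
function render_profile_html(string $text): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    // Encode first, then add <br>, so the only markup in the result is ours.
    return nl2br(htmlspecialchars($text, $flags, 'UTF-8'), false);
}

// Constructed sample submission (assumption: arrives via the profile form).
$submitted = "Hi, I'm Sam <b>the admin</b>\r\nI <3 PHP & \"quotes\"\x07";

$stored = profile_to_plain_text($submitted);
if ($stored === null) {
    exit("Profile rejected: invalid encoding\n");
}

// Side by side: tag stripping versus encoding on output.
echo "strip_tags():\n", strip_tags($stored), "\n\n";
echo "render_profile_html():\n", render_profile_html($stored), "\n";
```

Running it prints both results for the same input, which makes it easy to compare how each approach treats a literal `<`, `&` or quote that the user meant as text.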