1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Script or snippet to disallow "<" or ">"

Discussion in 'Programming' started by webtracker, Jul 17, 2008.

0
  1. #1
    I have a site that allows people create a text profile. There is a TEXTAREA field and I've noticed that it also allows people to insert HTML; any HTML!

    Does anyone know of a script, webpage, tutorial, or code snippet that would show how to limit their input to JUST TEXT. No markup. I was thinking just killing the "<" and ">" and replacing them with "..."

    Please help.

    Thanks!
     
    webtracker, Jul 17, 2008 IP
  2. rohan_shenoy

    rohan_shenoy Active Member

    Messages:
    441
    Likes Received:
    20
    Best Answers:
    0
    Trophy Points:
    60
    #2
    str_replace() or htmlentities() or htmlspecialchars() function
     
    rohan_shenoy, Jul 17, 2008 IP
  3. thenotself

    thenotself Peon

    Messages:
    64
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Here's a very robust script in PHP

    /**
 * Remove HTML tags, including invisible text such as style and
 * script code, and embedded objects.  Add line breaks around
 * block-level tags to prevent word joining after tag removal.
 */
function strip_html_tags( $text )
{
    $text = preg_replace(
        array(
          // Remove invisible content
            '@<head[^>]*?>.*?</head>@siu',
            '@<style[^>]*?>.*?</style>@siu',
            '@<script[^>]*?.*?</script>@siu',
            '@<object[^>]*?.*?</object>@siu',
            '@<embed[^>]*?.*?</embed>@siu',
            '@<applet[^>]*?.*?</applet>@siu',
            '@<noframes[^>]*?.*?</noframes>@siu',
            '@<noscript[^>]*?.*?</noscript>@siu',
            '@<noembed[^>]*?.*?</noembed>@siu',
          // Add line breaks before and after blocks
            '@</?((address)|(blockquote)|(center)|(del))@iu',
            '@</?((div)|(h[1-9])|(ins)|(isindex)|(p)|(pre))@iu',
            '@</?((dir)|(dl)|(dt)|(dd)|(li)|(menu)|(ol)|(ul))@iu',
            '@</?((table)|(th)|(td)|(caption))@iu',
            '@</?((form)|(button)|(fieldset)|(legend)|(input))@iu',
            '@</?((label)|(select)|(optgroup)|(option)|(textarea))@iu',
            '@</?((frameset)|(frame)|(iframe))@iu',
        ),
        array(
            ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ',
            "\n\$0", "\n\$0", "\n\$0", "\n\$0", "\n\$0", "\n\$0",
            "\n\$0", "\n\$0",
        ),
        $text );
    return strip_tags( $text );
}
    Code (markup):
    For more info: http://nadeausoftware.com/articles/2007/09/php_tip_how_strip_html_tags_web_page
     
    thenotself, Jul 17, 2008 IP
  4. ahmadfarhan

    ahmadfarhan Peon

    Messages:
    211
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    0
    #4
    there are plenty of scripts out there that does input filtering(that's basicly what you want to do)
    go to php classes(phpclasses.org) and search for "php input filter".. there's a class there that does the job for you.

    if you want a full featured app( rather than a class), the one i use is html purified.. (can't remember the utl off hand.. just google it)..
    if you are using smarty as a template engine the {strip}{/strip} tags will strip all html tags for you..
     
    ahmadfarhan, Jul 17, 2008 IP
  5. EricBruggema

    EricBruggema Well-Known Member

    Messages:
    1,740
    Likes Received:
    28
    Best Answers:
    13
    Trophy Points:
    175
    #5
    strip_tags from PHP :)
     
    EricBruggema, Jul 19, 2008 IP