A simple BB code support as well as filtering the HTML

  • A simple BB code support as well as filtering the HTML

    Here is a simple way (could be written differently) to avoid HTML / JS injections and at the same time support (some of) the BB tags:

    PHP Code:
    function view_bb($desc)
    {
        $desc=nl2br($desc);

        // 1. Replace the allowed HTML tags with bracket placeholders.
        $desc=preg_replace("/<ul>/i","[UL]",$desc);
        $desc=preg_replace("/<ol>/i","[OL]",$desc);
        $desc=preg_replace("/<center>/i","[CENTER]",$desc);
        $desc=preg_replace("/<\\/[ ]*center>/i","[/CENTER]",$desc);
        $desc=preg_replace("/<\\/[ ]*ul>/i","[/UL]",$desc);
        $desc=preg_replace("/<\\/[ ]*ol>/i","[/OL]",$desc);
        $desc=preg_replace("/<li>/i","[LI]",$desc);
        $desc=preg_replace("/<\\/[ ]*li>/i","[/LI]",$desc);
        $desc=preg_replace("/<\\/[ ]*a>/i","[/A]",$desc);
        $desc=preg_replace("/<br[ \\/]*>/i","[BR]",$desc);
        $desc=preg_replace("/<b>/i","[B]",$desc);
        $desc=preg_replace("/<\\/[ ]*b>/i","[/B]",$desc);
        $desc=preg_replace("/<u>/i","[U]",$desc);
        $desc=preg_replace("/<\\/[ ]*u>/i","[/U]",$desc);
        $desc=preg_replace("/<p>/i","[P]",$desc);
        $desc=preg_replace("/<\\/[ ]*p>/i","[/P]",$desc);
        // <s> and <strong> are both rendered as bold.
        $desc=preg_replace("/<s>/i","[B]",$desc);
        $desc=preg_replace("/<strong>/i","[B]",$desc);
        $desc=preg_replace("/<\\/[ ]*s>/i","[/B]",$desc);
        $desc=preg_replace("/<\\/[ ]*strong>/i","[/B]",$desc);
        $desc=preg_replace("/<i>/i","[I]",$desc);
        $desc=preg_replace("/<\\/[ ]*i>/i","[/I]",$desc);
        $desc=preg_replace("/<\\/[ ]*font>/i","[/FONT]",$desc);
        $desc=preg_replace("/<font size=([\\+\\-0-9]*)>/i","[FONT SIZE=\$1]",$desc);
        $desc=preg_replace("/<font color=[ ]*(\\\")?([\\#0-9A-Za-z]*)(\\\")?>/i","[FONT COLOR=\$2]",$desc);
        $desc=preg_replace("/<font size=([\\+\\-0-9]*) color=[ ]*[\"]{0,1}([\\#0-9A-Za-z]*)[\"]{0,1}>/i","[FONT SIZE=\$1 COLOR=\$2]",$desc);
        $desc=preg_replace("/<font color=[ ]*[\\\"]?([\\#0-9A-Za-z]*)[\\\"]? size=([\\+\\-0-9]*)>/i","[FONT SIZE=\$2 COLOR=\$1]",$desc);
        $desc=preg_replace("/<a href\\=[\"]{0,1}([a-zA-Z0-9\\.\\-_:@%\\/\\;\\$\\(\\)~\\?\\+\\\\&]*)[\"]{0,1}>/i","[A HREF=\$1]",$desc);

        // 2. Escape every angle bracket that is left.
        $desc=str_replace(array("<",">"),array("&lt;","&gt;"),$desc);

        // 3. Turn the placeholders back into HTML (case-insensitive, so [b] typed by the user is accepted too).
        $desc=str_ireplace(array("[OL]","[/OL]","[UL]","[/UL]","[LI]","[/LI]","[/A]","[BR]","[B]","[/B]","[CENTER]","[/CENTER]","[/FONT]","[P]","[/P]","[I]","[/I]","[U]","[/U]"),array("<OL>","</OL>","<UL>","</UL>","<LI>","</LI>","</A>","<BR>","<B>","</B>","<CENTER>","</CENTER>","</FONT>","<P>","</P>","<I>","</I>","<U>","</U>"),$desc);
        $desc=preg_replace("/\\[FONT SIZE\\=([\\+\\-0-9]*)\\]/","<FONT SIZE=\$1>",$desc);
        $desc=preg_replace("/\\[FONT COLOR\\=([\\#0-9A-Za-z]*)\\]/","<FONT COLOR=\$1>",$desc);
        $desc=preg_replace("/\\[FONT SIZE\\=([\\+\\-0-9]*) COLOR\\=([\\#0-9A-Za-z]*)\\]/","<FONT SIZE=\$1 COLOR=\$2>",$desc);
        $desc=preg_replace("/\\[A HREF\\=([a-zA-Z0-9\\.\\-_:@%\\/\\;\\$\\(\\)~\\?\\+\\\\&]*)\\]/","<A HREF=\$1 TARGET=_blank>",$desc);

        // [img] and [url]: the URL may not contain quotes, whitespace or brackets, so it stays inside the SRC/HREF attribute.
        $desc=preg_replace("/\\[img width=([0-9]+)\\]([^\"'\\s\\[\\]]+)\\[\\/[ ]*img\\]/i","<IMG SRC=\"\$2\" BORDER=0 WIDTH=\$1>",$desc);
        $desc=preg_replace("/\\[img width=([0-9]+) height=([0-9]+)\\]([^\"'\\s\\[\\]]+)\\[\\/[ ]*img\\]/i","<IMG SRC=\"\$3\" BORDER=0 WIDTH=\$1 HEIGHT=\$2>",$desc);
        $desc=preg_replace("/\\[img height=([0-9]+) width=([0-9]+)\\]([^\"'\\s\\[\\]]+)\\[\\/[ ]*img\\]/i","<IMG SRC=\"\$3\" BORDER=0 WIDTH=\$2 HEIGHT=\$1>",$desc);
        $desc=preg_replace("/\\[img\\]([^\"'\\s\\[\\]]+)\\[\\/[ ]*img\\]/i","<IMG SRC=\"\$1\">",$desc);
        $desc=preg_replace("/\\[url\\]([^\"'\\s\\[\\]]+)\\[\\/[ ]*url\\]/i","<A HREF=\"\$1\">\$1</A>",$desc);

        // Auto-link bare URLs. The character before the URL is captured separately and put back;
        // URLs already inside an attribute or an anchor (preceded by ", ', = or >) are skipped.
        $desc=preg_replace("/([^\"'=>])((http|https):\\/\\/[a-zA-Z0-9\\.\\-_:@%\\/\\;\\$\\(\\)~\\?\\+\\\\&]*)/","\$1<A HREF=\"\$2\" TARGET=_blank>\$2</A>",$desc);

        return $desc;
    }

    To use it:
    PHP Code:
    echo view_bb("This is [b]MY[/b] BB code tool<div onClick='alert(1)'>will not work!</div>");
    - Make Web Games
    - Creator of NWE
    - Owner of Nowhere Else and beyond
    - Mad developer
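
A different ordering of the same idea, added here as an example and not part of the original post: escape the whole input first (quotes included), then convert only an allow-list of BB tags, and accept a link or image URL only when it is an absolute http/https URL. `bb_safe_url()`, `bb_render()` and the sample inputs are constructed for this illustration.

```php
<?php
// Added example, not the poster's code. bb_safe_url(), bb_render() and the
// sample inputs are constructed for illustration. Requires PHP 7.1+.

// Returns the URL re-escaped for use in an attribute, or null if it is not
// an absolute http/https URL free of quotes, whitespace and angle brackets.
function bb_safe_url(string $escaped): ?string
{
    // The text was escaped in step 1 below; undo that to see the real value.
    $url = htmlspecialchars_decode(trim($escaped), ENT_QUOTES);
    if (!preg_match('~^https?://[^\s"\'<>]+\z~i', $url)) {
        return null;
    }
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

function bb_render(string $text): string
{
    // 1. Escape everything, quotes included, so no submitted markup survives.
    $out = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');

    // 2. Convert balanced pairs of attribute-free tags; loop for nesting.
    do {
        $out = preg_replace('~\[(b|i|u|center)\](.*?)\[/\1\]~is',
                            '<$1>$2</$1>', $out, -1, $n);
    } while ($n > 0);

    // 3. URL-carrying tags: a rejected URL leaves the escaped BB code as text.
    $out = preg_replace_callback('~\[(url|img)\](.+?)\[/\1\]~i', function ($m) {
        $u = bb_safe_url($m[2]);
        if ($u === null) {
            return $m[0];
        }
        return strtolower($m[1]) === 'img'
            ? "<img src=\"$u\" alt=\"\">"
            : "<a href=\"$u\" rel=\"nofollow noopener\" target=\"_blank\">$u</a>";
    }, $out);

    return nl2br($out);
}

// Constructed inputs: the post's own usage string plus URL edge cases.
$samples = [
    "This is [b]MY[/b] BB code tool<div onClick='alert(1)'>will not work!</div>",
    '[url]https://example.com/?a=1&b=2[/url]',
    '[url]javascript:alert(1)[/url]',
    '[img]https://example.com/x.png" onerror="alert(1)[/img]',
];
foreach ($samples as $s) { echo bb_render($s), PHP_EOL; }
```

Only the first two samples produce markup; the last two come out as escaped plain text because `bb_safe_url()` rejects them.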

  • #2
    Not too shabby. Being horrid at regular expressions, I would always have trouble with img tags in bbcode when I created my bbcode engine, and I see you took care of those quite nicely.


    • #3
      The most difficult part was to have automatic links for URLs written within the text. Should all work, maybe there are some cases not covered. I could use fewer preg_replace functions by feeding it with arrays of expressions and replacements, but thought it would be a bit more readable like that.
      - Make Web Games
      - Creator of NWE
      - Owner of Nowhere Else and beyond
      - Mad developer
