> Bbcodes On Websites
demonlord
post Mar 6 2008, 10:12 PM
Post #1





Hello,
Is there a way for me to allow BBCode to be used on my site? I'm not running a forum or a CMS or anything like that; it's just a plain website. If someone could help me, that would be great.
jlhaslip
post Mar 6 2008, 10:41 PM
Post #2





Where on your site? In a comments field? Or in a chat box? Or when you add your own content?

Regardless, you will need to use PHP (probably) to change the values from BBCode to HTML code so it displays properly. You might as well just use HTML code. They are quite similar: [ b ] == <b>, etc.
demonlord
post Mar 8 2008, 12:59 AM
Post #3





Hi jlhaslip, thanks for the reply. I'm wanting to be able to use these in comment fields and in a guest book that I'm making.
jlhaslip
post Mar 8 2008, 01:42 AM
Post #4





Well, search for "bbcode parser" and you just might hit one.

First Result looks promising: http://elouai.com/bbcode-sample.php
demonlord
post Mar 8 2008, 02:19 AM
Post #5





Thanks, I found a couple of them I like.
galexcd
post Mar 8 2008, 04:34 AM
Post #6





Haslip. That first bbcode parser is terrible. It uses str_replace and is completely exploitable. Just see what happens when you try this bbcode in it:

CODE
[img]http://www.trap17.com/forums/style_images/logo.gif" onload="while(true){alert('this parser sucks');}[/img]

jlhaslip
post Mar 8 2008, 10:55 AM
Post #7





The string parsing from BBCode to HTML is one thing; security is another, and they should be separate functions in your code, depending on the 'threat', the level of security you desire, and the importance of the transaction.
I think we both agree that the security of data is important and the first rule of site security is to "Never Trust User Input".

Let me say that one more time: "Never Trust User Input".

The input should be 'sanitized' before the code is put through the parser. And thanks, Alex, for reminding us of this important point. There are many methods that can be used to sanitize code.

For example, you could use the following snippet (or similar) to sanitize user input before processing the code; there are other methods to make user input more secure. This is only one example:
CODE
// $val holds the raw user input; only the tags listed in $allowedtags survive strip_tags()
$allowedtags = "<strong><em><ul><li><pre><hr><blockquote><span>";
$cstring = strip_tags($val, $allowedtags);
// convert newlines to <br /> for display
$cstring = nl2br($cstring);

There are other functions you can arrange for the 'cleansing' of data. This is merely an example of one method.
For cross-site scripting threats, there is a good one to be found at http://quickwired.com/kallahar/smallprojec...er_function.php .
I think it would eliminate the threat you proposed as an example. Not tested.
alex1985
post Mar 8 2008, 12:25 PM
Post #8





What is the way that I can put BBCode on my own site?
galexcd
post Mar 8 2008, 04:13 PM
Post #9





QUOTE(jlhaslip @ Mar 8 2008, 02:55 AM) *
The string parsing from BBCode to HTML is one thing; security is another, and they should be separate functions in your code, depending on the 'threat', the level of security you desire, and the importance of the transaction.
I think we both agree that the security of data is important and the first rule of site security is to "Never Trust User Input".


Yes, it is a good idea mostly to have them separate, but remember, in my example, you may not want to escape or delete all quotes in a post, just the ones within certain tags, which would have to be done with preg_replace rather than str_replace, or, if you were going to program your own BBCode parser, one that would pass over and recognize your BBCode and then modify it on the second pass.
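The two parsers discussed in posts #6, #7 and #9 side by side, as an added example that is not code from any post in this thread or from the parser linked in post #4. It is in PHP because that is the language of the functions the thread talks about (str_replace, strip_tags, preg_replace); the function names bbcode_naive(), bbcode_safe() and safe_url() are chosen here, and the sample post is constructed from the payload in post #6. One caveat on the strip_tags() approach in post #7 that the example takes into account: strip_tags() leaves whatever attributes sit on an allowed tag untouched, so `<span onmouseover="...">` survives `strip_tags($val, '<span>')`. The hardened version therefore does not rely on it; it escapes the whole post first and only re-introduces markup through the parser, validating any value that ends up in an attribute.

```php
<?php
// Added example for this thread (not code from any post or from the linked parser).
// bbcode_naive(), bbcode_safe() and safe_url() are names chosen for this example.

// A converter in the style galexcd criticises: tags are swapped for HTML with
// str_replace() and nothing the user typed is ever escaped. Deliberately vulnerable.
function bbcode_naive(string $text): string
{
    $text = str_replace(['[b]', '[/b]'], ['<b>', '</b>'], $text);
    $text = str_replace(['[img]', '[/img]'], ['<img src="', '">'], $text);
    return nl2br($text);
}

// Accept only absolute http(s) URLs; return null for anything that must not become
// an attribute value (javascript:, data:, protocol-relative URLs, whitespace, controls).
function safe_url(string $candidate): ?string
{
    $candidate = trim($candidate);
    if (!preg_match('#^https?://#i', $candidate)) {
        return null;
    }
    if (preg_match('/[\s\x00-\x1f]/', $candidate)) {
        return null;   // the post #6 payload is rejected here: it contains a space
    }
    if (filter_var($candidate, FILTER_VALIDATE_URL) === false) {
        return null;   // malformed URL; this check alone still lets a '"' in the path through
    }
    return $candidate;
}

// Hardened converter: escape the whole post first, then re-introduce markup only
// through patterns that validate what they emit. Attribute values are escaped again
// on output, so even a validated URL containing '"' cannot close the attribute.
function bbcode_safe(string $text): string
{
    $text = htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // Formatting tags carry no user-controlled attribute, so a plain replacement is fine.
    $text = preg_replace('#\[b\](.*?)\[/b\]#s', '<strong>$1</strong>', $text);
    $text = preg_replace('#\[i\](.*?)\[/i\]#s', '<em>$1</em>', $text);

    // [img] and [url=...] put user data into an attribute: undo the escaping on the
    // captured value, validate it, and on failure leave the escaped literal text as is.
    $attr = function (string $escaped): ?string {
        $url = safe_url(html_entity_decode($escaped, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
        return $url === null ? null : htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    };
    $text = preg_replace_callback('#\[img\](.*?)\[/img\]#s', function (array $m) use ($attr): string {
        $src = $attr($m[1]);
        return $src === null ? $m[0] : '<img src="' . $src . '" alt="">';
    }, $text);
    $text = preg_replace_callback('#\[url=(.*?)\](.*?)\[/url\]#s', function (array $m) use ($attr): string {
        $href = $attr($m[1]);
        // $m[2] (the link text) is already escaped by the first step
        return $href === null ? $m[0] : '<a href="' . $href . '" rel="nofollow">' . $m[2] . '</a>';
    }, $text);

    return nl2br($text);
}

// Constructed input: the payload from post #6, a javascript: link, and ordinary markup.
$post = "[img]http://www.trap17.com/forums/style_images/logo.gif\" onload=\"while(true){alert('this parser sucks');}[/img]\n"
      . "[b]bold[/b] [url=javascript:alert(1)]click[/url] [url=http://example.com/?a=1&b=2]ok[/url]";

echo bbcode_naive($post), "\n\n";
echo bbcode_safe($post), "\n";
```

Run it and compare the two outputs. bbcode_naive() turns the first line into an `<img>` whose tag carries the injected `onload="while(true){...}"` attribute exactly as typed, which is the event-handler injection post #6 describes. bbcode_safe() leaves that [img] as escaped literal text (the value fails safe_url() because of the space), leaves the `[url=javascript:alert(1)]` literal as well (wrong scheme), and only converts the http link, emitting its `&` as `&amp;` inside the href. The separation jlhaslip asks for is the split between safe_url(), which decides what may become an attribute, and the two replace callbacks, which decide how BBCode maps to HTML; galexcd's point about escaping only inside certain tags is handled by escaping everything up front and then decoding and re-validating just the captured attribute values.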