| | Hello, is there a way for me to allow bbcode to be used on my site, i'm not running a forum or a cms or anything like that it's just a plain website. if some one could help me that would be great. |
|
|
|
Both the opening of the Fast Reply box, and the buttons for adding BBCodes work by using Javascript. The Fast Reply box is opened and closed by using HTML and CSS properties to display and hide elements. The Javascript just toggles between displaying the box, and not displaying it.Getting the BBCodes inserted is a bit trickier, and notoriously hard to get working in IE, FF, Opera, Konqueror, Safar... read more.
Where on your site? in a Comments field? or in a chat box? or when you add your own content?
Regardless, you will need to use php (probably) to change the values from bbcode to html code so it displays properly. you might as well just use html code. They are quite similar. [ b ] == <b>, etc
hi jlhaslip, thanks for the reply, i'm wanting to be able to use these in comment fields and in a guest book that i'm making
well, search:bbcode parser and you just might hit one.
First Result looks promising: http://elouai.com/bbcode-sample.php
thanks i found a couple of them i like
Haslip. That first bbcode parser is terrible. It uses str_replace and is completely exploitable. Just see what happens when you try this bbcode in it:
CODE [img]http://www.trap17.com/forums/style_images/logo.gif" onload="while(true){alert('this parser sucks');}[/img] I think we both agree that the security of data is important and the first rule of site security is to "Never Trust User Input". Let me say that one more time: "Never Trust User Input". The input should be 'sanitized' before the code is placed through the parser. And thanks Alex for reminding us of this important point. There are many methods that can be used to sanitize code. For example, you could use the following snippet (or similar) to sanitize User Input before processing the code, and there are other methods to make user input more secure. This is only one example: CODE $allowedtags = "<strong><em><ul><li><pre><hr><blockquote><span>"; $cstring = strip_tags($val, $allowedtags); $cstring = nl2br($cstring); There are other functions you can arrange for the 'cleansing of data. This is merely an example of one method. For Cross site scripting threats, there is a good one to be found at http://quickwired.com/kallahar/smallprojec...er_function.php . I think it would eliminate the threat you proposed as an example. Not tested.
What is the way that I can put BBCode on my own site?
QUOTE(jlhaslip @ Mar 8 2008, 02:55 AM)  The string parsing from bbcde to html is one thing, security is another and they should be separate functions in your code, depending on the 'threat', the level of security you desire, and the importance of the transaction . I think we both agree that the security of data is important and the first rule of site security is to "Never Trust User Input". Yes, it is a good idea mostly to have them separate, but remember, in my example, you may not want to escape or delete all quote in a post, just ones within certain tags which would have to be done with preg_replace rather than str_replace, or if you were going to program your own bbcode parser that would pass over and recognize your bbcode and then would modify it on the second pass.
so is the one that jlhaslip recomend safe to use, because that is the one i picked, and i dont want to use anything unsafe on my site. if it is not safe, which one would you recomend.
Oh and i dont know if it matters but the tags that i want to use are:
so if someone could help me out that would be great Thanks Latest Entries
Both the opening of the Fast Reply box, and the buttons for adding BBCodes work by using Javascript. The Fast Reply box is opened and closed by using HTML and CSS properties to display and hide elements. The Javascript just toggles between displaying the box, and not displaying it.
Getting the BBCodes inserted is a bit trickier, and notoriously hard to get working in IE, FF, Opera, Konqueror, Safari and all the other browsers. The code can get quite complex to work across all the browsers, and rather than try to write it myself and replicate it here, I'll point you to a Google search that contains many different ways of achieving this, each with their own pros and cons: http://www.google.co.uk/search?hl=en&q...earch&meta=
All right. How to integrate the complicated BB Code Parsing like the one on this forum, with pictures, a user just click the picture and the action will follow. You can take the quick form reply as an exemple for that.
Did you use the function I wrote? The function doesn't automatically parse it for you, you actually need to call it
 instead of something like this: CODE echo mysql_result($result,0,"post"); Try this: CODE echo bbReplace(mysql_result($result,0,"post"));
So, how do I plug such BB Codes on my site's page?!
no there was no error message it just gave me the tags that i put in the comment field when i submitted, it. i tryed using the center tag so in the comment fields i pu the following:
CODE [center]this is a test to see if the bbcodes are working[/center] and when it submitted the info, all i saw was what i put in the box center tags and all.
Similar Topics
Keywords : bbcodes websites
Looking for bbcodes, websites
|
|
 Bbcodes On Websites |
| ADD REPLY / Got an Opinion! | a humble request :-) | RAPID SEARCH! | Free Hosting | [X] |
|
Express your Opinions, Thoughts or Contribute your information that might help someone here. Ask your Doubts & Queries to get answers.. "Together, We enlight each other!" |
Register FREE for AD-FREE forum, Create your own topics, Ask Questions, track topics, setup subscriptions & notifications and Get a Free Website w/ Email and FTP. | 500MB Space *No Ads*, CPanel, FTP, PHP, MySQL, EMails - 100% FREE |
|