xisto Community
demonlord

Bbcodes On Websites


Hello, is there a way for me to allow BBCode to be used on my site? I'm not running a forum or a CMS or anything like that; it's just a plain website. If someone could help me, that would be great.


Where on your site? In a comments field? Or in a chat box? Or when you add your own content? Regardless, you will need to use PHP (probably) to change the values from BBCode to HTML code so it displays properly. You might as well just use HTML code. They are quite similar. [ b ] == <b>, etc.


The string parsing from BBCode to HTML is one thing, security is another, and they should be separate functions in your code, depending on the 'threat', the level of security you desire, and the importance of the transaction.

I think we both agree that the security of data is important and the first rule of site security is to "Never Trust User Input".

 

Let me say that one more time: "Never Trust User Input".

 

The input should be 'sanitized' before the code is placed through the parser. And thanks Alex for reminding us of this important point. There are many methods that can be used to sanitize code.

 

For example, you could use the following snippet (or similar) to sanitize User Input before processing the code, and there are other methods to make user input more secure. This is only one example:

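// Keep only these tags; note that strip_tags() leaves their attributes untouched.
$allowedtags = "<strong><em><ul><li><pre><hr><blockquote><span>";
$cstring = strip_tags($val, $allowedtags);
// Convert newlines to <br /> for display.
$cstring = nl2br($cstring);

There are other functions you can arrange for the 'cleansing' of data. This is merely an example of one method.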

For cross-site scripting threats, there is a good one to be found at http://www.quickwired.com/ .

I think it would eliminate the threat you proposed as an example. Not tested.


The string parsing from BBCode to HTML is one thing, security is another, and they should be separate functions in your code, depending on the 'threat', the level of security you desire, and the importance of the transaction. I think we both agree that the security of data is important and the first rule of site security is to "Never Trust User Input".


Yes, it is mostly a good idea to have them separate, but remember, in my example, you may not want to escape or delete all quotes in a post, just the ones within certain tags, which would have to be done with preg_replace rather than str_replace, or, if you were going to program your own BBCode parser, one that would pass over and recognize your BBCode and then modify it on the second pass.


So is the one that jlhaslip recommended safe to use? Because that is the one I picked, and I don't want to use anything unsafe on my site. If it is not safe, which one would you recommend?

 

Oh, and I don't know if it matters, but the tags that I want to use are:

center

url

email

youtube

right

So if someone could help me out, that would be great.

 

Thanks

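<?php
// Build a link, rejecting empty and javascript: URLs.
function url($url, $text = "")
{
    $url = str_replace(array("<", ">"), "", trim($url));
    // Fixed: the original tested the undefined variable $img instead of $url.
    if (preg_match("/javascript(\:|\s)/i", $url) || empty($url)) {
        return '<font size=2><i>Error: "' . $url . '" is invalid.</i></font>';
    }
    if ($text == "") {
        $text = $url;
    }
    // Quote and escape the href so the URL cannot add attributes of its own.
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES) . '">' . $text . '</a>';
}

function bbReplace($string)
{
    $string = preg_replace(
        array(
            '/\[center\](.*?)\[\/center\]/is',
            '/\[right\](.*?)\[\/right\]/is',
            '/\[youtube\](.*?)\[\/youtube\]/is',
        ),
        array(
            '<center>$1</center>',
            // Fixed: the CSS property is text-align, not align.
            '<div style="text-align:right;">$1</div>',
            // The two URLs below appear as rewritten by the forum software.
            '<object width="425" height="355"><param name="movie" value="http://forums.xisto.com/no_longer_exists/ name="wmode" value="transparent"></param>'
            . '<embed src="http://forums.xisto.com/no_longer_exists/&%2334; type="application/x-shockwave-flash" wmode="transparent" width="425" height="355"></embed></object>',
        ),
        $string
    );
    // The /e modifier was removed in PHP 7; callbacks do the same job.
    $string = preg_replace_callback('/\[url\=(.*?)\](.*?)\[\/url\]/is', function ($m) {
        return url($m[1], $m[2]);
    }, $string);
    $string = preg_replace_callback('/\[email\](.*?)\[\/email\]/is', function ($m) {
        return url('mailto:' . $m[1], $m[1]);
    }, $string);
    return $string;
}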

So save this in a file, or just add this snippet of code to the beginning of the file where you want the BBCode parsing to happen.

This was written very quickly and haphazardly and was not tested, so if you have any problems, just post them here.


When I tested this code I could not get it to work. Why is this?

I assume you got an error message appear on the screen? It would be helpful if you could post the error messages, as that will lead us to the source of the error.


No, there was no error message; it just gave me the tags that I put in the comment field when I submitted it. I tried using the center tag, so in the comment field I put the following:

[center]this is a test to see if the bbcodes are working[/center]
And when it submitted the info, all I saw was what I put in the box, center tags and all.
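
The separation discussed in this thread (neutralise user input first, then translate only the BBCode tags you allow), shown as an added example that is not part of the original thread or any poster's code. It assumes PHP 7.0 or later; the function name `bbcode_to_html`, the sample comment and the 11-character YouTube ID format are assumptions made for illustration.

```php
<?php
// Added example, not the thread's code; bbcode_to_html is an illustrative name.
function bbcode_to_html(string $input): string
{
    // Step 1: neutralise all user-supplied HTML. After this the text holds no
    // raw <, >, " or ' characters, so captures are safe inside quoted attributes.
    $html = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Step 2: translate only the allowlisted tags into fixed HTML templates.
    $out = preg_replace_callback_array([
        '/\[(center|right)\](.*?)\[\/\1\]/is' => function ($m) {
            return '<div style="text-align:' . strtolower($m[1]) . '">' . $m[2] . '</div>';
        },
        // Links: only absolute http(s) URLs match; javascript:, data: etc. stay plain text.
        '/\[url=(https?:\/\/[^\s\]]+)\](.*?)\[\/url\]/is' => function ($m) {
            return '<a href="' . $m[1] . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        // E-mail: emit a mailto: link only for a syntactically valid address.
        '/\[email\](.*?)\[\/email\]/is' => function ($m) {
            $addr = trim($m[1]);
            return filter_var($addr, FILTER_VALIDATE_EMAIL)
                ? '<a href="mailto:' . $addr . '">' . $addr . '</a>'
                : $m[0]; // invalid address: leave the escaped text as typed
        },
        // Assumption: a YouTube video ID is 11 characters from [A-Za-z0-9_-].
        '/\[youtube\]([A-Za-z0-9_-]{11})\[\/youtube\]/' => function ($m) {
            return '<iframe width="425" height="355" src="https://www.youtube.com/embed/'
                . $m[1] . '" allowfullscreen></iframe>';
        },
    ], $html);

    // On a regex engine error the result is null; fall back to the escaped text.
    return nl2br($out ?? $html);
}

// Constructed sample comment, standing in for a submitted form field.
$comment = "[center]this is a test[/center]\n"
    . "[url=javascript:alert(1)]bad[/url] [url=https://example.com/?a=1&b=2]ok[/url]\n"
    . '<script>alert(1)</script> [youtube]abcDEF12345[/youtube]';
echo bbcode_to_html($comment), "\n";
```

The conversion only shows up on the page when the function's return value is what gets printed, so the stored or submitted comment has to pass through `bbcode_to_html()` at output time.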
