Custom BB Codes

Discussion in 'General Webmaster Support' started by monoVertex, May 8, 2007.

  1. monoVertex

    monoVertex I'm back!

    Ratings:
    +459 / 0 / -0
    Ok, here's my question: how can I make my own BB codes? Hyperlink, image, text size and all the others? Do I have to search the text for certain codes and use them as some functions, or there is any other way than this 'manual' one? Thanks in advance! :)
     
  2. AceHart

    AceHart Your Friendly Neighborhood Admin

    Ratings:
    +1,489 / 0 / -0
    PHP?

    $content = preg_replace('/\[b\](.*?)\[\/b\]/i', '<strong>$1</strong>', $content);
     
  3. monoVertex

    monoVertex I'm back!

    Ratings:
    +459 / 0 / -0
    Question: what is '(.*?)' supposed to do? To take whatever is inside the tags? And puts it in $1? Or those were just examples?
     
  4. AceHart

    AceHart Your Friendly Neighborhood Admin

    Ratings:
    +1,489 / 0 / -0
    Well, that weird-thing-that-looks-like-line-noise is, actually, a regular expression.

    This particular example would replace [noparse]"Hey, you!"[/noparse] with "<strong>Hey, you!</strong>".
    Yes, all of them (within $content), not just the first one.
     
  5. monoVertex

    monoVertex I'm back!

    Ratings:
    +459 / 0 / -0
    Oh, got it now, thanks a lot for your help! :)
     
  6. Persen

    Persen Guest

    Ratings:
    +0 / 0 / -0
    I'd also recommend some sort of filter that, Ace's code, replaces < and > with &lt; and &gt; so noone can input their own HTML and use it for XSS (doesn't matter what it is, it's just not good...)
     
  7. AceHart

    AceHart Your Friendly Neighborhood Admin

    Ratings:
    +1,489 / 0 / -0
    $content = str_replace(array('<','>'),array('&lt;','&gt;'),$content)

    And, rather obviously, should you use it, it needs to run before doing any "BB" replacements...
     
  8. monoVertex

    monoVertex I'm back!

    Ratings:
    +459 / 0 / -0
    Isn't there a function that automatically takes out any html tags? Anyway, the post function won't be accesible for anyone ;).
     
  9. AceHart

    AceHart Your Friendly Neighborhood Admin

    Ratings:
    +1,489 / 0 / -0
    strip_tags
    But, that takes them out completely.

    Just replacing the < and > allows to post something like <div>123</div>, and you still see it.
     
  10. DDRtists

    DDRtists ɹoʇɐɹǝpoɯ ɹǝdns Staff Member

    Ratings:
    +413 / 0 / -0
    I'd recommend doing it the way AceHart said.
     
  11. monoVertex

    monoVertex I'm back!

    Ratings:
    +459 / 0 / -0
    Well, the purpose of the post won't need those. But I'll do that way. Thanks :).
     
  12. phyrex1an

    phyrex1an Staff Member and irregular helper Staff Member

    Ratings:
    +446 / 0 / -0
    Remember that the ace way of escaping user input only work as long as it will be inside an element (<div>here</div>) and not in the attribute list (<a href="here">Link</a>).
     
  13. AceHart

    AceHart Your Friendly Neighborhood Admin

    Ratings:
    +1,489 / 0 / -0
    If you mean the < > thing, it doesn't depend on any tags.
     
  14. phyrex1an

    phyrex1an Staff Member and irregular helper Staff Member

    Ratings:
    +446 / 0 / -0
    Works = Prevents XSS attacks or other nasty stuff.

    Escaping < and > is only enough when placing the escaped string inside an element and not in an elements attribute list. In this use case it's enough but it wont be enough if you make an anchor tag.
     
  15. AceHart

    AceHart Your Friendly Neighborhood Admin

    Ratings:
    +1,489 / 0 / -0
    That's not clearer either.
    Got some example?
     
  16. phyrex1an

    phyrex1an Staff Member and irregular helper Staff Member

    Ratings:
    +446 / 0 / -0
    Code:
    $content = str_replace(array('<','>'),array('&lt;','&gt;'),$content);
    $content = preg_replace('/\[a\](.*?)\[\/a\]/i', '<a href="$1">Click Here</a>', $content);

    User input: [a]" onclick="nasty javascript[/a]

    Equals: Problems

    Ofc, with an anchor tag you must filter input that starts with javascript: too but that's another story :)
     
  17. AceHart

    AceHart Your Friendly Neighborhood Admin

    Ratings:
    +1,489 / 0 / -0
    Well, who would ever put unfiltered user input up?
     
  18. DDRtists

    DDRtists ɹoʇɐɹǝpoɯ ɹǝdns Staff Member

    Ratings:
    +413 / 0 / -0
    Hmm...

    Just search for nasty tags, just as "JavaScript". xP
     
  19. Persen

    Persen Guest

    Ratings:
    +0 / 0 / -0
    Actually, I forgot that function^^
     
  20. monoVertex

    monoVertex I'm back!

    Ratings:
    +459 / 0 / -0
    Ok, I used that function for some basic stuff and it worked perfectly, but now I need help again.

    Here you gave me the function and I just used it as it is, but I want to learn it, to say so. I tried to follow the manual on php.net, but I admit that I hardly undorstood something... If anyone has the patience to explain me, please :). For example, a thing I would like to know would be how to make the url tag. Because, in the url tag you can pass 2 arguments (link and the actual text) and I am confused at it.

    Thanks in advance.
     

Share This Page