I am making a project posting system that will have some markup, similar to bbcodes. When I'm fetching the data from the database I use
strip_tags($content,'<br />');
To remove any unwanted html tags, then I continue on to use
str_ireplace($markup,$html_t,$strip_tags);
And those are both placed in variables for easier working.
I want to allow the <br /> tag because that is what is in my database to achieve line downs (nl2br). Now, for some reason, it's not echoing out <br />'s.
No whitespace in second param.
strip_tags($content,'<br>');
http://php.net/manual/en/function.strip-tags.php
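Added example (not part of the answer above): the corrected `strip_tags()` call, followed by a normalisation step, because `strip_tags()` does not remove attributes from the tags it is told to allow. The helper name `keep_only_br` and the sample string are constructed for illustration.

```php
<?php
declare(strict_types=1);

// keep_only_br() is a hypothetical helper name.
function keep_only_br(string $content): string
{
    // The allow-list names the tag without a slash or space; this form keeps
    // both <br> and <br /> that appear in the input.
    $stripped = strip_tags($content, '<br>');

    // strip_tags() leaves attributes on allowed tags untouched, so rewrite
    // every surviving <br ...> (quoted values included) as a bare <br />.
    $pattern = '~<br\b(?:[^>"\']|"[^"]*"|\'[^\']*\')*>~i';
    return preg_replace($pattern, '<br />', $stripped) ?? '';
}

// Constructed sample content, as it might come back from the database.
$content = 'first<br />second<br>third <b>bold</b>'
         . '<br style="display:block" onmouseover="x()">end';

echo keep_only_br($content), PHP_EOL;
```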
Related
I'm using TinyMCE 4 on a project, where I need to be able to pre-populate the textarea with HTML that was submitted through POST (for server-side error handling without deleting all their work). I know that a textarea works mostly like a tag, in that HTML inside is not parsed into DOM, so most sites show the demo:
<textarea name="demo"><?=$_POST['demo']?></textarea>
but what happens when a user submits HTML that includes an unmatched <textarea> or </textarea> tag?
Is there a standard way to manage this risk?
Use htmlspecialchars($_POST['demo']) in PHP when outputting.
Remove only the <textarea> tags from the user input. Please see this post using regular expressions. It tells you how to remove only certain tags (unlike htmlentities) which removes all tags.
Use xmp tag instead of textarea. It will display html as itself.
Eg: http://dadinck.x10.mx/xmp.html
The htmlentities function will replace every HTML character (such as <) with one that will display correctly but won't break your HTML.
http://www.php.net/manual/en/function.htmlentities.php
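Added example (not part of any answer above): the escaping approach from the answers applied to the textarea pre-population case, showing that an unmatched `</textarea>` in the submitted value cannot close the field and that the editor still receives the original HTML. The field name `demo` is from the question; `esc_html`, `render_textarea` and the sample input are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Escape a value for HTML text or attribute context. ENT_SUBSTITUTE replaces
// invalid UTF-8 sequences instead of returning an empty string.
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// render_textarea() is a hypothetical helper, not a TinyMCE or PHP API.
function render_textarea(string $name, string $submitted): string
{
    return '<textarea name="' . esc_html($name) . '">'
         . esc_html($submitted)
         . '</textarea>';
}

// Constructed sample standing in for $_POST['demo']: the user's HTML
// contains an unmatched closing tag.
$submitted = '<p>Draft text</p></textarea><p>more</p>';

$html = render_textarea('demo', $submitted);
echo $html, PHP_EOL;

// Check 1: the only literal closing tag is the one the template wrote.
var_dump(substr_count($html, '</textarea>') === 1);

// Check 2: decoding the field content, as the browser does when it builds
// the field value, gives back exactly what was submitted.
$open = '<textarea name="demo">';
$inner = substr($html, strlen($open), -strlen('</textarea>'));
var_dump(html_entity_decode($inner, ENT_QUOTES, 'UTF-8') === $submitted);
```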
I have a problem with the following:
I want to make a page that gets a file (I upload it), reads it and outputs it in an html file.
I am uploading the file and saving the contents in a mysql DB just fine, but when I show it again, I don't have any <br />'s there (maybe because the file should have \t\n or something).
How can I make it show it like it was originally written. (In the DB I see it with the fine spacing).
You probably want nl2br(). It will transform all line breaks to <br>s
You can either wrap inside <pre></pre> tags to display it as it is, or better yet use nl2br() function to add html break lines <br /> before any newline/carriage return /r /r/n /n
Are you sure the problem isn't just in the HTML? Multiple whitespaces convert to one in web browsers. In modern browsers, you can use the CSS white-space property to prevent that.
body { white-space: pre; }
Alternatively, you could wrap that section of HTML in a <pre> element, or you could hardcode extra spaces into
At the time you store the file data in the database, encode the data using htmlentities(), and at the time of displaying, decode it using html_entity_decode().
I am trying to display comments on a page and am having some trouble.
There are essentially two different types of comments I am trying to handle:
(1) The XSS type.. e.g. <script type="text/javascript">alert('hi')</script>. This is handled fairly easily by escaping it before it gets into the database and then running stripslashes and htmlentities on it.
(2) The comment with <br> breaks in it. When the data is stored into the database, I am running nl2br on it so the data looks like hi<br>hello<br><br>etc. However, when I display this comment, the <br>s do not turn into page breaks like I want them to.
Any idea what to do? I should note that turning off htmlentities fixes the second type, but the first type then is executed as pure html and displays an alert dialog.
Thanks,
Phil
If you want to remove unwanted tags you can try strip_tags. It supports allowable_tags so you can specify any tags that you don't want to be stripped. A sample from the manual:
// Allow <p> and <a>
// you can add <br> if you want it not stripped
echo strip_tags($text, '<p><a>');
So after you've converted all \n to be line breaks you don't have to worry about it being stripped. May not be what you want but hope it gives an idea.
One method: Replace <br> with a placeholder, like \n. Then do htmlentities to clean up html code. Finally, replace \n back with <br> to recover the line breaks.
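Added example (not from the thread): the placeholder method from the last answer, written so that escaping happens before the line breaks are added and the `<br />` tags are the only markup that reaches the page. `render_comment` is a hypothetical helper name and the third sample string is constructed; the first two are the strings quoted in the question.

```php
<?php
declare(strict_types=1);

// render_comment() is a hypothetical helper name.
function render_comment(string $stored): string
{
    // 1. Placeholder step: rows saved after nl2br() hold literal <br> tags,
    //    usually followed by the original newline. Fold each pair to "\n".
    $text = preg_replace('~<br\s*/?>(?:\r\n|\r|\n)?~i', "\n", $stored) ?? '';

    // 2. Escape everything that is left, so any other markup is shown as text.
    $safe = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 3. Add the line breaks last; these are the only tags in the output.
    return nl2br($safe);
}

// Sample comments: two from the question, one constructed raw-text row.
$comments = [
    "hi<br>hello<br><br>etc",
    "<script type=\"text/javascript\">alert('hi')</script>",
    "stored raw\nwith a newline",
];

foreach ($comments as $comment) {
    echo render_comment($comment), PHP_EOL, '---', PHP_EOL;
}
```

The same function works unchanged for rows stored as raw text, which avoids having to run `nl2br()` before the data goes into the database.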
I have a html page stored in the mysql database. I get the html from the database and try to replace some of the inline javascript code from the html content. I tried using str_replace() but it does not replace the inline javascript code. I can replace other html content like divs but not inline javascript code.
How can I find and replace the inline javascript code?
PHP should be seeing the entire HTML page as a big string, so in theory, it should be able to alter JS and HTML alike. Is it possible the string still has slashes, and your str_replace can't find the search criteria due to the slashes?
Try printing the entirety of the string to the screen to make sure, and if it does still have slashes, use a stripslashes($string) call to get rid of them.
You probably want to use a DOM parser to handle your webpage as a DOM structure, not a serialised string of HTML (where things like string replacement and regular expressions can be troublesome).
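Added example (not from the thread): the DOM-parser approach from the answer above, using PHP's bundled DOM extension to apply a replacement only inside inline `<script>` bodies and `on*` handler attributes, leaving ordinary page text alone. The function name `replace_inline_js`, the sample page and the `/old/api` and `/new/api` strings are constructed for illustration.

```php
<?php
declare(strict_types=1);

// replace_inline_js() is a hypothetical helper built on PHP's bundled DOM
// extension. It edits inline <script> bodies and on* attributes only.
function replace_inline_js(string $html, string $search, string $replace): string
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // collect parser warnings
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $xpath = new DOMXPath($doc);

    // Inline scripts: elements without a src attribute.
    foreach ($xpath->query('//script[not(@src)]') as $script) {
        $code = str_replace($search, $replace, $script->textContent);
        while ($script->firstChild !== null) {
            $script->removeChild($script->firstChild);
        }
        $script->appendChild($doc->createTextNode($code));
    }

    // Event-handler attributes such as onclick (the HTML parser
    // lower-cases attribute names).
    foreach ($xpath->query('//@*[starts-with(name(), "on")]') as $attr) {
        $attr->ownerElement->setAttribute(
            $attr->nodeName,
            str_replace($search, $replace, $attr->value)
        );
    }

    return (string) $doc->saveHTML();
}

// Constructed sample page, standing in for the HTML row from the database.
$page = '<!DOCTYPE html><html><head><title>Demo</title>'
      . '<script>var endpoint = "/old/api";</script></head>'
      . '<body><a href="#" onclick="track(\'/old/api\')">go</a>'
      . '<p>The text /old/api in this paragraph is left alone.</p>'
      . '</body></html>';

echo replace_inline_js($page, '/old/api', '/new/api');
```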
In jWYSIWYG editor, pushing enter inserts <br />s.
Instead of this, I would prefer that pushing enter would wrap chunks in <p> tags.
WHAT IS OUTPUT
line
<br />
new line
WHAT I WANT
<p>line</p>
<p>new line</p>
Quick examination of the config seems I can't do it without hacking it internally.
Do you suggest I hack the plugin, or use PHP to do it? The incoming HTML is parsed with HTML Purifier, so if that could do it, that would be great.
So - where should I do it, in the plugin or PHP?
Any quick implementations of how to do it?
Thanks
You could search replace <br>s with newlines, and then use %AutoFormat.AutoParagraph