Anyone know how to Block JavaScript from being run in HTML Comment Editors
I have a website in which I would like to allow users the option to write articles using an in-browser text editor that allows HTML tags. The only problem is that currently, users are able to paste JavaScript into the editor. This obviously poses a security risk in that haxx00rs could backpack malicious code within comment or article posts. Anyone have a simple solution to blocking JavaScript from being parsed with the posts? Or maybe there is a better way? Please help guys!
If you are playing around with PHP then you may want to look at the PHP function strip_tags(). This will remove HTML tags from the string, but you can add an exception list of allowable tags. Comments are always stripped, which is probably what you are looking for. This way you can restrict the number of allowable HTML tags that your submitters can use.
We can remove and preg_replace the JavaScript <script> tags easily enough.
The problem comes when someone copies HTML into a comment or article posting that's like this:
</div>
<div> hello world</div>
in which that first tag will close the stuff above it.
In essence, we want to allow people to include HTML in comments and article postings, but we want to make sure the HTML is clean and well formatted so it doesn't mess up the rest of the site.
We would rather not have to write an HTML parser from scratch because we want ALL HTML tags to be allowed. This would cause us to have to reference the entire HTML tag library.
Maybe someone has already written a solution to this problem?
Ok. I might have found a quick solution to this. There is a library available in PHP5 called HTML Tidy. I think this will "tidy" our HTML by correcting any tag errors.
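
An allowlist sanitizer for the posts discussed in this thread, as an added example that is not part of any post above. strip_tags() leaves the attributes of the tags it allows untouched and Tidy only repairs markup, so this sketch parses the post with PHP's DOM extension, keeps only listed tags and attributes, and re-serialises the result so every tag comes out balanced. The function name, the tag and attribute lists and the sample post are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Tag and attribute lists are assumptions.
const ALLOWED = [   // tag => attributes that may stay
    'p' => [], 'b' => [], 'i' => [], 'em' => [], 'strong' => [], 'br' => [],
    'ul' => [], 'ol' => [], 'li' => [], 'blockquote' => [], 'div' => [],
    'a' => ['href'],
];
// href must start with an approved scheme, a single "/" or "#".
const SAFE_HREF = '~^(?:https?://|mailto:|/(?!/)|#)~i';

function sanitize_html(string $dirty): string
{
    $prev = libxml_use_internal_errors(true);   // malformed input is expected
    $doc = new DOMDocument();
    // The meta tag only tells libxml the input is UTF-8; it lands in <head>.
    $doc->loadHTML('<meta http-equiv="Content-Type" content="text/html; charset=utf-8">' . $dirty);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    $xpath = new DOMXPath($doc);
    foreach (iterator_to_array($xpath->query('.//node()', $body)) as $node) {
        if ($node instanceof DOMText) {
            continue;                           // text is escaped again on output
        }
        if (!$node instanceof DOMElement || !array_key_exists($node->nodeName, ALLOWED)) {
            $node->parentNode->removeChild($node);   // unknown tag or comment: drop with contents
            continue;
        }
        foreach (iterator_to_array($node->attributes) as $attr) {
            $ok = in_array($attr->nodeName, ALLOWED[$node->nodeName], true);
            if ($ok && $attr->nodeName === 'href') {
                $ok = preg_match(SAFE_HREF, $attr->value) === 1;
            }
            if (!$ok) {
                $node->removeAttributeNode($attr);
            }
        }
    }
    $clean = '';
    foreach ($body->childNodes as $child) {     // serialising rebalances every tag
        $clean .= $doc->saveHTML($child);
    }
    return $clean;
}

// Constructed sample input, including the stray </div> case from the thread.
$post = "</div>\n<div> hello world</div><script>alert(1)</script>"
      . '<a href="javascript:alert(1)" onclick="alert(1)">link</a><b>unclosed';
echo sanitize_html($post), "\n";
```

Tags outside the list are dropped together with their contents, which is the conservative choice; the sanitized string should still be produced on the server at save or render time, not in the browser editor.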