From: "Chris Shiflett" <[EMAIL PROTECTED]>
> --- "CPT John W. Holmes" <[EMAIL PROTECTED]> wrote:
> >
> > I'm against letting users enter HTML in their data, also. I'd rather
> > employ a bbcode type solution, turning [b] into <b>, etc.
>
> I disagree with John here, but that's OK. :-) We seem to have different
> perspectives about this bbcode stuff. Personally, I see no need to define
> a new markup language that you intend to convert to HTML anyway. It is an
> unnecessary complication that yields no benefits from what I can see. If
> you run everything through htmlentities() but want some things
> interpreted, you can always use str_replace() to allow the very specific
> tags that you want. There's no need for regular expressions or risking the
> <b onclick=""> type of stuff.

Heh... my turn to disagree again. You can do a simple str_replace() to
convert "&lt;b&gt;" back into "<b>", but you're going to have to do it for
each case. Also by doing that blindly, you can end up with orphaned tags
affecting the rest of your page (making it all bold, for example).

So, while I agree that adding another markup isn't always the best route, if
you're not doing so, you need to include some regular expressions to account
for all of the various implementations of the tags you want to allow.

Your turn. :)

---John Holmes...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
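
The following is an added example, not code from either poster in this thread. It sketches one way to combine the two positions: escape everything with htmlentities(), then re-enable only the exact attribute-free tags, using a stack so that an orphaned tag cannot affect the rest of the page. The function name allow_basic_tags(), its $allowed list and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example; allow_basic_tags() and $allowed are hypothetical names.
function allow_basic_tags(string $input, array $allowed = ['b', 'i', 'u']): string
{
    // 1. Escape everything, so "<b onclick=...>" becomes inert text.
    $safe = htmlentities($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Split on the exact escaped forms of the allowed tags (no attributes).
    $names = implode('|', array_map(fn($t) => preg_quote($t, '~'), $allowed));
    $parts = preg_split("~(&lt;/?(?:$names)&gt;)~i", $safe, -1, PREG_SPLIT_DELIM_CAPTURE);

    $out  = '';
    $open = [];                       // stack of tags currently open
    foreach ($parts as $i => $part) {
        if ($i % 2 === 0) {           // even index: ordinary escaped text
            $out .= $part;
            continue;
        }
        $closing = $part[4] === '/';  // "&lt;/b&gt;" versus "&lt;b&gt;"
        $tag = strtolower(substr($part, $closing ? 5 : 4, -4));
        if (!$closing) {
            $open[] = $tag;
            $out .= "<$tag>";
        } elseif ($open && end($open) === $tag) {
            array_pop($open);
            $out .= "</$tag>";
        } else {
            $out .= $part;            // stray or misnested close stays escaped
        }
    }

    // 3. Close whatever is still open so it cannot bleed into the page.
    while ($open) {
        $out .= '</' . array_pop($open) . '>';
    }
    return $out;
}

// Constructed sample inputs.
echo allow_basic_tags('<b onclick="x()">hi</b> and <b>unclosed bold'), "\n";
echo allow_basic_tags('<i>nested <b>tags</b></i> then </b> alone'), "\n";
```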
