On 5/15/08, Eric Butera <[EMAIL PROTECTED]> wrote:
> On Wed, May 14, 2008 at 10:56 PM, Yi Wang <[EMAIL PROTECTED]> wrote:
> > Can anyone provide some code that can't be stripped by strip_tags?
> >
> >
> > On 5/15/08, Eric Butera <[EMAIL PROTECTED]> wrote:
> >> On Wed, May 14, 2008 at 11:38 AM
On Tue, May 13, 2008 at 6:06 AM, Per Jessen <[EMAIL PROTECTED]> wrote:
> Shelley wrote:
>
>> I want to know whether there are some good HTML parsers written in
>> PHP.
>>
>> That is,
>> the parser checks whether html tags like table, tr, td, div, dt, dl,
>> dd, script, ul, li, span, h1, h2, etc. ar
On Wed, May 14, 2008 at 10:56 PM, Yi Wang <[EMAIL PROTECTED]> wrote:
> Can anyone provide some code that can't be stripped by strip_tags?
>
>
> On 5/15/08, Eric Butera <[EMAIL PROTECTED]> wrote:
>> On Wed, May 14, 2008 at 11:38 AM, Robert Cummings <[EMAIL PROTECTED]> wrote:
>> >
>> >
>> > On We
Gabriel Sosa wrote:
this one
strip_tags('%3C%68%31%3E%68%65%6C%6C%6F%20%77%6F%72%6C%64%3C%2F%68%31%3E');
aka hello world using urlencode from http://ha.ckers.org/xss.html
take care the possible xss
saludos
gabriel
On Wed, May 14, 2008 at 11:56 PM, Yi Wang <[EMAIL PROTECTED]> wrote:
Can
Can anyone provide some code that can't be stripped by strip_tags?
On 5/15/08, Eric Butera <[EMAIL PROTECTED]> wrote:
> On Wed, May 14, 2008 at 11:38 AM, Robert Cummings <[EMAIL PROTECTED]> wrote:
> >
> >
> > On Wed, 2008-05-14 at 11:18 -0400, Eric Butera wrote:
> > > On Tue, May 13, 2008 a
Yeah, you are right, friend. Because users' input should be in tag
only.
On Wed, May 14, 2008 at 11:06 PM, Robert Cummings <[EMAIL PROTECTED]>
wrote:
>
> On Wed, 2008-05-14 at 18:50 +0800, Shelley wrote:
> > Thank you all.
> > I have made it working excellent for me now.
> > The solution is here
On Wed, May 14, 2008 at 11:38 AM, Robert Cummings <[EMAIL PROTECTED]> wrote:
>
>
> On Wed, 2008-05-14 at 11:18 -0400, Eric Butera wrote:
> > On Tue, May 13, 2008 at 4:07 AM, James Dempster <[EMAIL PROTECTED]> wrote:
> > > http://htmlpurifier.org/
> > >
> > > --
> > > /James
> > >
> >
> >
>
> "Purifier will not only remove all malicious code (better known as XSS)
> with a thoroughly audited, secure yet permissive whitelist, it will also
> make sure your documents are *standards compliant."*
>
Set it up how you want it.
--
/James
On Wed, May 14, 2008 at 4:38 PM, Robert Cummings <[E
On Wed, 2008-05-14 at 11:18 -0400, Eric Butera wrote:
> On Tue, May 13, 2008 at 4:07 AM, James Dempster <[EMAIL PROTECTED]> wrote:
> > http://htmlpurifier.org/
> >
> > --
> > /James
> >
>
> This is the only real solution.
That depends... if I'm the webmaster and I want to input arbitrary HTML,
On Tue, May 13, 2008 at 4:07 AM, James Dempster <[EMAIL PROTECTED]> wrote:
> http://htmlpurifier.org/
>
> --
> /James
>
This is the only real solution.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Wed, 2008-05-14 at 18:50 +0800, Shelley wrote:
> Thank you all.
> I have made it working excellent for me now.
> The solution is here: http://phparch.cn
Ah, there you go... "show_body_only". I was too lazy when I used tidy a
while back to look through every option, so a quick preg stripping
su
Thank you all.
I have made it working excellent for me now.
The solution is here: http://phparch.cn
On Tue, May 13, 2008 at 1:34 PM, Robert Cummings <[EMAIL PROTECTED]>
wrote:
>
> On Tue, 2008-05-13 at 01:27 -0400, Robert Cummings wrote:
> > On Tue, 2008-05-13 at 12:28 +0800, Shelley wrote:
> > >
Shelley wrote:
> I want to know whether there are some good HTML parsers written in
> PHP.
>
> That is,
> the parser checks whether html tags like table, tr, td, div, dt, dl,
> dd, script, ul, li, span, h1, h2, etc. are nested correctly.
> If any tags not matched, just remove them.
Except for t
http://htmlpurifier.org/
--
/James
On Tue, May 13, 2008 at 4:34 AM, Shelley <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> The fact is that I have a site that allow users to post hypertext
> articles.
> However, I saw that sometimes, because of their careless input,
> the articles is not rendered corr
On Tue, 2008-05-13 at 01:27 -0400, Robert Cummings wrote:
> On Tue, 2008-05-13 at 12:28 +0800, Shelley wrote:
> > Maybe I didn't use that tidy correctly.
> > I don't want html, head, body things. Just parsed string.
>
> So strip them...
>
> // ...
>
> tidy_parse_string( $html );
>
On Tue, 2008-05-13 at 12:28 +0800, Shelley wrote:
> Maybe I didn't use that tidy correctly.
> I don't want html, head, body things. Just parsed string.
So strip them...
#Uis', '', $html )
$html = preg_replace( '##Uis', '', $html )
//...
?>
Cheers,
Rob.
--
http://www.interjinn.com
Appli
You should pass the secend parm to the function. Like this:
$allowable_tags = '';
strip_tags( $text, $allowable_tags );
On 5/13/08, Shelley <[EMAIL PROTECTED]> wrote:
> Not that.
>
> It will just remove all html tags, you know.
>
>
> --
> Regards,
> Shelley
--
Regards,
Wang Yi
--
PHP Gener
Maybe I didn't use that tidy correctly.
I don't want html, head, body things. Just parsed string.
On Tue, May 13, 2008 at 12:00 PM, Robert Cummings <[EMAIL PROTECTED]>
wrote:
>
> On Tue, 2008-05-13 at 11:34 +0800, Shelley wrote:
> > Hi all,
> >
> > The fact is that I have a site that allow users
On Tue, 2008-05-13 at 11:34 +0800, Shelley wrote:
> Hi all,
>
> The fact is that I have a site that allow users to post hypertext articles.
> However, I saw that sometimes, because of their careless input,
> the articles is not rendered correctly.
>
> I want to know whether there are some good H
strip_tags does the tricks.
www.php.net/manual/en/function.strip-tags.php
BTW,
Why cn2 dot php.net blocked by the mail server?
The rejected message:
This is an automatically generated Delivery Status Notification
Delivery to the following recipient failed permanently:
php-general@lists.ph
20 matches
Mail list logo
