I am trying to create a simple BB code like script in PHP for my forum. The problem is, I am not sure how to stop a user posting something like this..
[b] Hahah
[b] Will make all of your text
[b] on this page bold
This would display (because I'm replacing words)
<strong> Hahah
<strong> Will make all of your text
<strong> on this page bold
What would be a good way to prevent this and end the tags at the bottom of the post?
分享 Replacing BBCode by HTML is actually not as easy as it seems. Just using str_replace() will never be good enough. Because, as you said, people can just only place the open tag and this way, change your layout. A popular 'solution' is to use preg_replace() instead, with a regular expression that matches both the open and close tag. That, however, is quite unsafe with BBCode tags like [url] (you can insert JavaScript in those URL tags).
However, there are some libraries out there that are very good in replacing BBCode. StringParser_BBCode is one of those. Those libraries do a little more than just replacing. For example, they will usually prevent malformed BBCode like [b][i]foo[/b][i] to turn into <strong><em>foo</strong></em> (which is malformed HTML). And also, they can do a lot more on preventing XSS injections.
分享
