Disallowing HTML input from textareas - how to do?
[eluser]Jay Turley[/eluser]
My goal is to keep users from inputting HTML in a textarea. I know CodeIgniter has the Text Helper, which has the word_censor() function. Clearly I could do the following:

Code:
$disallowed = array('<strong>', '</strong>'); // repeat with all desired HTML elements

However, first of all, that only works for the exact matches, so anchors are going to be a problem. And it's very brittle anyway. I figure I'm not the first person to run into this, and I'm hoping someone out there in the community has a nice solution for this. Thanks!
[eluser]Colin Williams[/eluser]
PHP has a nifty strip_tags() function. You tell it which tags not to strip. If you want to generate an error, you could probably check the string length of stripped vs non-stripped input, but there might be more efficient ways to do this check.

Code:
if (strlen($input) !== strlen(strip_tags($input))) { /* tags were stripped: report the error here */ }

See:
http://us3.php.net/strlen
http://us3.php.net/strip_tags
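The strip_tags() comparison suggested above, written out as a complete check together with escaping on output, which is still needed for whatever text is accepted. This is an added example, not code from any poster in this thread; the function names contains_html() and e() and the sample strings are made up for illustration.

```php
<?php
// Added example. The helper names and the sample inputs are constructed.

/**
 * True when strip_tags() would remove something from $input,
 * i.e. the text contains something PHP parses as a tag.
 */
function contains_html(string $input): bool
{
    // strip_tags() only ever removes characters, so comparing the strings
    // directly gives the same answer as comparing their lengths.
    return $input !== strip_tags($input);
}

/** Escape text for an HTML body or a quoted attribute value. */
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed textarea submissions.
$samples = [
    'plain text, nothing to strip',
    'I <strong>love</strong> this',
    // Attributes do not matter here, unlike an exact-match word list.
    '<a href="http://example.com/" title="x">link</a>',
    '<script>alert(1)</script>',
    // strip_tags() leaves a "<" that is followed by whitespace alone.
    '3 < 5 and 7 > 2',
    // "<y" looks like the start of a tag to strip_tags(), so honest text
    // written without spaces around "<" is rejected as well.
    'x<y means x is smaller',
];

foreach ($samples as $input) {
    $verdict = contains_html($input) ? 'REJECT' : 'accept';
    // Escape when printing: the check above decides what to store,
    // it does not make the stored value safe to echo into a page.
    printf("%-7s %s\n", $verdict, e($input));
}
```

In CodeIgniter the same test fits inside a form validation callback; either way, values that pass should still go through htmlspecialchars() when they are rendered.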
[eluser]Jay Turley[/eluser]
Colin- That is *exactly* what I was looking for. Chalk this one up to my inexperience with the full set of PHP functions. Thanks tons, mate! -Jay
[eluser]Dam1an[/eluser]
You can be expected to know all the PHP functions, there are after all ~3500 of them lol. But this is definitely one worth remembering.
[eluser]skunkbad[/eluser]
I'm new to CI, so I'm certainly no expert, but on my website I use both JavaScript and PHP to search for the presence of > or < characters in all form fields, and disable the submit button (JavaScript), or send the user back to the form with an error message. Other sub-strings are searched for to determine if a link is trying to be made. The JavaScript is quite simple, and you might go to my site and view the JavaScript for an example. I use a callback function during regular CI form validation to look for the special symbols or words I want to ban.

Code:
public function _validateEmail($email) {