Post by Brent on Dec 26, 2007 17:13:41 GMT -5
I posted on my site some code to tame user-entered HTML. It might be a good addition to the runWiki demo. www.b6sw.com/forum/viewtopic.php?t=306

EDIT TO ADD: This code is designed to parse HTML code which has been submitted by a user. It tries to eliminate the potential to wreck the design of a web page, advertise, or even install malware on the computers of vulnerable users of your site. The routine goes through one character at a time, breaking the text apart, classifying them and normalizing HTML code to some degree. You can paste the RB code into your program or create a module and use the RUN command to include it. Your program must get the user-entered code into a string variable. That variable is passed to the tameHtml function and it does the parsing and normalizing. "tameHtml" calls three auxiliary routines which are meant to be modified to meet your site's needs. tameHtmlTag is passed an HTML tag name and returns a boolean result, true (nonzero) if the tag is "tame," false (0) if it is not acceptable, the latter resulting in the removal of that tag's element. tameHtmlAttrName is passed an HTML attribute name and returns a boolean value, true if the attribute is "tame," false if it is not, the latter resulting in that attribute's removal. And tameHtmlAttrValue is passed a variable containing an attribute value (the text after the "=") and tries to catch problems and correct them.
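The structure Brent describes (a walk over the markup that consults three site-specific policy hooks for tags, attribute names and attribute values) as an added example in Python rather than Run BASIC; this is not Brent's code or the runWiki demo. The hook names mirror the post's routines, the allowlists and the href rule are assumed policy for illustration, and, unlike the post's routine, a rejected tag other than script or style is unwrapped rather than removed with its text.

```python
from html import escape
from html.parser import HTMLParser

# Policy tables (assumed): edit these to fit the site, as the post says of its three routines.
SAFE_TAGS = {"b", "i", "u", "p", "br", "a", "ul", "ol", "li", "code", "pre"}
SAFE_ATTRS = {"href", "title"}
VOID_TAGS = {"br"}                      # never emit a closing tag for these
DROP_CONTENT = {"script", "style"}      # rejected tags whose inner text is removed too
def tame_html_tag(tag):                 # True if the tag is "tame"
    return tag in SAFE_TAGS
def tame_html_attr_name(name):          # True if the attribute name is "tame"
    return name in SAFE_ATTRS

def tame_html_attr_value(name, value):  # corrected value, or None to drop the attribute
    value = (value or "").strip()
    if name == "href":
        head = value.split("/", 1)[0].lower()   # text before the first '/'
        if ":" in head and not head.startswith(("http:", "https:", "mailto:")):
            return None                         # javascript:, data:, vbscript: ... are dropped
    return value

class TameHtml(HTMLParser):
    # Walks the token stream and re-emits only what the three policy hooks accept.
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0             # skip > 0 while inside a DROP_CONTENT element

    def handle_starttag(self, tag, attrs):
        if self.skip or not tame_html_tag(tag):
            self.skip += tag in DROP_CONTENT    # other rejected tags are unwrapped, text kept
            return
        parts = []
        for name, value in attrs:
            value = tame_html_attr_value(name, value) if tame_html_attr_name(name) else None
            if value is not None:
                parts.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(parts)}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT and self.skip:
            self.skip -= 1
        elif not self.skip and tame_html_tag(tag) and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text can never turn back into markup

def tame_html(text):
    parser = TameHtml()
    parser.feed(text); parser.close()
    return "".join(parser.out)
```

Comments and declarations are discarded because the parser callbacks for them are not overridden; unbalanced tags are passed through as they came, so pair this with a tag-balancing step if the surrounding page layout must be protected.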
Post by carlgundel on Dec 26, 2007 17:27:47 GMT -5
Thanks Brent. I'd like to include this. You've been very generous providing this, but could I trouble you to write a short description of what this code does? Why is it needed in a real application? How do I use it? I could write something but I think you could do a better job since you wrote the code. Of course those hosting apps privately may not need to worry about people hacking their web applications. I guess we probably do need a security related message area on this forum site. -Carl
Post by Brent on Dec 26, 2007 21:53:18 GMT -5
Carl, you're welcome. I'll have an improved version posted by tomorrow. I was in a hurry and I see several bugs, so hold off just a bit before using. If anyone has an opinion on improving the routine, I'm happy to take them.