Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Another security question.

Validating code to allow html

4:08 am on Nov 29, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Feb 26, 2005
votes: 0

Hello again.

I am currently working on a Bulletin Board system for an acquaintance of mine. All was going well until I was asked to script it to allow HTML OR BBCode (for images and links only). Both of which have atleast some vulnerabilities. HTML more than BBCode.

At the moment, I am leaning toward BBCode as it "seems" to be the safer route. As, I have never coded for BBCode before, I did a google for more info. I came across this tutorial (http://www.iceteks.com/articles.php/javascript2/1) which gave me a good start.

Now, is this tutorial/method safe? If not, what should I be looking for? Don't be too specific. I learn best from doing it myself, but security is not something I am keen on as of yet.

Thoughts/Suggestions are welcomed.
Thak you,

4:27 am on Nov 29, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 13, 2003
votes: 0

Looks good. There's also a more developed package in PEAR [pear.php.net] (although I've never used it).