Forum Moderators: open
I want to know how can I disable the html when someone writes in it. The user can add there some scripts to autoredirect to other websites.
Also that way I could remove <br> when I want to start a new line.
I want to know how can I disable the html when someone writes in it. The user can add there some scripts to autoredirect to other websites.
disable what html?
The textarea?
<textarea onchange="this.disabled = true"></textarea>
But that doesn't make sense...
- JS
If you want just a regular expression:
textarea.value.replace(\<.+>\ig,"");
this will kill all text between a < and a >, so if a user is typeing programming code, they would need to use < and >
- JS
function removeEvilAttributes($tagSource){
$stripAttrib = "' (class夸avascript:她nclick她ndblclick她nmousedown她nmouseup她nmouseover她nmousemove她nmouseout她nkeypress她nkeydown她nkeyup她ncontextmenu)=\"(.*?)\"'i";
$tagSource = stripslashes($tagSource);
$tagSource = preg_replace($stripAttrib, '', $tagSource);
return $tagSource;
}
function removeEvilTags($source) {
$allowedTags = '<h1><h2><h3><h4><h5><h6><br><b><p><u><i><a><ol><ul><li><pre><hr><blockquote><table><tr><td><th><span><div><strong><tbody><sup><font>';
$source = strip_tags($source, $allowedTags);
return preg_replace('/<(.*?)>/ie', "'<'.removeEvilAttributes('\\1').'>'", $source);
}
$goodText = removeEvilTag($evilTextAreaText);
- JS
