Re: How can I allow certain HTML tags within a textarea?



On Feb 6, 4:17 pm, Ayush <"ayushmaan.j[aatt]gmail.com"> wrote:
Replied to [Gabriella]s message :



Hi,

I have a website (http://www.grazeit.com), where users can post notes
with free text.
I would like to allow users SOME HTML tags in the textarea (not all
HTML tags because otherwise I'll be exposed to XSS and other tricks).

I would like to allow only the following tags:
'a' => 'href', 'target'
'b' => None
'blockquote' => None
'em' => None
'i' => None
'img' => 'src', 'width', 'height', 'alt', 'title' (of course, without
window.location, javascript:, etc... but only "http://www..."; and
would also like to limit the values of width and height)
'strong' => None
'u' => None

How do I check it (on server-side of course)?
With Regular Expression? Can you show me how?

This will tell you about all the valid tags in textarea with id txtA then you can do
whatever you want with it.

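Sub testRx
    ' List the tags matched in the textarea with id txtA
    set rXp = New RegExp
    rXp.IgnoreCase = 1 : rXp.Global=1
    ok = true
    tagss=""
    ' (\w) captures one word character after "<"; the lookahead requires a later </\1>
    rXp.Pattern = "<\s*(\w).*?>(?=[\s\S]*</\1\s*>)"
    set tags = rXp.Execute(txtA.innerText)
    For Each tag in tags
        tagss = tagss & tag & vbCr
    Next
    msgbox tagss
End Sub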

Good Luck, Ayush.
--
XP-Tips [Auto logon for Windows XP] :http://www.microsoft.com/windowsxp/using/setup/tips/advanced/autologo...


Hi,
Thanks for the sub, but I still have trouble with it.
First, I think that it does not fetch all the HTML tags in my
textarea.
Second, the "tag" variable returns the entire tag, e.g.: <a
href="...">something</a> and I still have to parse it to find out
which tag it is (is it from my allowed-tags list or not), as well as
check the attributes of the tag (e.g.: <img src="javascript:..."> is
not allowed).

Any ideas?

Thanks again, Gabi
This sub does only part of the work.
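
A parser-based allowlist for the tag list in the question, as an added example that is not part of the original thread. It is written in Python rather than the thread's VBScript, and the names `sanitize` and `attr_ok`, the 800-pixel limit, accepting `https`, and the permitted `target` values are assumptions of this example.

```python
import re
from html import escape
from html.parser import HTMLParser

ALLOWED = {"a": {"href", "target"}, "b": set(), "blockquote": set(),  # from the question
           "em": set(), "i": set(), "strong": set(), "u": set(),
           "img": {"src", "width", "height", "alt", "title"}}
# http(s) URLs only; accepting https is an assumption of this example
URL_RE = re.compile(r"https?://[A-Za-z0-9.-]+(:\d+)?([/?#]\S*)?")
MAX_DIM = 800  # assumed pixel limit; the thread gives no number

def attr_ok(name, value):
    if name in ("href", "src"):
        return URL_RE.fullmatch(value) is not None
    if name in ("width", "height"):
        return bool(re.fullmatch(r"[0-9]{1,4}", value)) and 0 < int(value) <= MAX_DIM
    if name == "target":
        return value in ("_blank", "_self")  # assumed set of targets
    return True  # alt/title are free text, escaped on output

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)  # entities decoded before checks
        self.out, self.open = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # tag dropped; text inside it is still emitted, escaped
        kept = [(k, v) for k, v in attrs if v and k in ALLOWED[tag] and attr_ok(k, v)]
        if tag == "img" and "src" not in dict(kept):
            return  # no acceptable src left: drop the image
        attrs_s = "".join(' %s="%s"' % (k, escape(v)) for k, v in kept)
        self.out.append("<%s%s>" % (tag, attrs_s))
        if tag != "img":
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in self.open:  # close only what was opened, innermost first
            n = self.open[::-1].index(tag) + 1
            for _ in range(n):
                self.out.append("</%s>" % self.open.pop())

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(text):
    p = Sanitizer()
    p.feed(text)
    p.close()  # flush any text still buffered by the parser
    return "".join(p.out) + "".join("</%s>" % t for t in reversed(p.open))
```

The output is rebuilt from the parsed tokens rather than edited in place, so anything not on the list never reaches the page, and tags left open are closed at the end.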
