Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA -

This WebDNA talk-list message is from 2009. It keeps the original formatting.
numero = 102717
interpreted = N
texte =

Hi guys,

Here is what I do - you can see it in action here:

http://www.foe.ie/blog/2009/05/29/policymaking-21st-century-style-by-tweet/#comments

I only allow limited HTML - <strong> <em> and <a href=""></a> - though it could be extended to allow other tags. Basically I grep and replace the allowed tags and then remove all other HTML. I don't worry about WebDNA tags as I ensure the input comment is not wrapped with [interpret].

- Tom

So the posted variable is [comment]

[table name=basic_conversions&fields=from,to]
&	&amp;
"	&quot;
[/table]

[text]newvalue=[grep search=<(strong|/strong|em|/em|blockquote|/blockquote)>&replace=|\1|][comment][/grep][/text]
[text]newvalue=[grep search=<a href="([^"]*)"([^>]*)>([^<]*)</a>&replace=|a href=\1|\3|/a|][newvalue][/grep][/text]
[text]newvalue=[removehtml][newvalue][/removehtml][/text]
[text]newvalue=[grep search=\|(strong|/strong|em|/em|blockquote|/blockquote)\|&replace=<\1>][newvalue][/grep][/text]
[text]newvalue=[grep search=\|a href=([^\|]*)\|([^\|]*)\|/a\|&replace=<a href="\1">\2</a>][newvalue][/grep][/text]
[text]newvalue=[unurl][grep search=%250A&replace=][url][newvalue][/url][/grep][/unurl][/text]
[text]newvalue=[grep search=%0D%0D&replace=</p><p>][newvalue][/grep][/text]
[text]newvalue=[grep search=%0D&replace=<br />][newvalue][/grep][/text]
[text]newvalue=[convertchars table=basic_conversions][newvalue][/convertchars][/text]

The cleaned variable is then displayed and stored as:

<p>[newvalue]</p>

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - (Tom Duke 2009)
  2. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
  3. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - (Tom Duke 2009)
  4. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
  5. RE: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) ("Olin Lagon" 2009)
  6. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Brian Fries 2009)
  7. [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
Tom Duke
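
The park, strip and restore sequence from the message above, as an added Python example; it is not Tom Duke's code and not WebDNA. Assumptions introduced here: a random per-call marker in place of the `|` placeholder, an http/https-only check on href, escaping done before the allowed tags are restored, and the names clean_comment and SAMPLE.

```python
import html
import re
import secrets
from urllib.parse import urlsplit

SIMPLE = re.compile(r"<(/?(?:strong|em|blockquote))>", re.I)
LINK = re.compile(r'<a href="([^"]*)"[^>]*>([^<]*)</a>', re.I)
ANY_TAG = re.compile(r"<[^>]*>")
SAFE_SCHEMES = {"http", "https"}  # assumption: only absolute web links are kept


def clean_comment(comment: str) -> str:
    """Park allowed tags, strip and escape the rest, then restore them."""
    mark = secrets.token_hex(8)          # per-call marker, not a fixed "|"
    comment = comment.replace(mark, "")  # input can never contain the marker
    parked = []                          # finished HTML for each parked tag

    def park(fragment: str) -> str:
        parked.append(fragment)
        return f"[[{mark}:{len(parked) - 1}]]"

    def park_link(m: re.Match) -> str:
        href, label = m.group(1).strip(), m.group(2)
        try:
            scheme = urlsplit(href).scheme.lower()
        except ValueError:               # malformed URL: treat as not allowed
            scheme = ""
        if scheme not in SAFE_SCHEMES:
            return label                 # drop the link, keep its text
        return park(f'<a href="{html.escape(href)}">{html.escape(label)}</a>')

    # 1. Swap allowed markup for placeholders (links first, then simple tags).
    text = LINK.sub(park_link, comment)
    text = SIMPLE.sub(lambda m: park(f"<{m.group(1).lower()}>"), text)
    # 2. Remove every other tag, then escape &, <, > and quotes in what is left.
    text = html.escape(ANY_TAG.sub("", text))
    # 3. Blank line -> new paragraph, single line break -> <br />.
    text = text.replace("\r\n", "\n").replace("\r", "\n")
    text = text.replace("\n\n", "</p><p>").replace("\n", "<br />")
    # 4. Put the parked tags back; only strings built in park() are restored.
    pattern = re.escape(f"[[{mark}:") + r"(\d+)\]\]"
    text = re.sub(pattern, lambda m: parked[int(m.group(1))], text)
    return f"<p>{text}</p>"


# Constructed sample input, not taken from the thread.
SAMPLE = ('Hi <strong>all</strong> <script>x</script>\r\rsee '
          '<a href="http://example.test/?q=1" onclick="y">this</a> & "that"')
```

Because escaping happens while the allowed tags are still parked, the quotes inside the restored `<a href="...">` are left intact while quotes and ampersands in the comment text are converted.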
