Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA -

This WebDNA talk-list message is from 2009.

It keeps the original formatting.
numero = 102717
interpreted = N
texte =

Hi guys,

Here is what I do - you can see it in action here:

http://www.foe.ie/blog/2009/05/29/policymaking-21st-century-style-by-tweet/#comments

I only allow limited HTML - <strong> <em> and <a href=""></a> - though it could be extended to allow other tags. Basically I grep and replace the allowed tags and then remove all other HTML. I don't worry about WebDNA tags as I ensure the input comment is not wrapped with [interpret].

- Tom

So the posted variable is [comment]

[table name=basic_conversions&fields=from,to]
&	&amp;
"	&quot;
[/table]

[text]newvalue=[grep search=<(strong|/strong|em|/em|blockquote|/blockquote)>&replace=|\1|][comment][/grep][/text]
[text]newvalue=[grep search=<a href="([^"]*)"([^>]*)>([^<]*)</a>&replace=|a href=\1|\3|/a|][newvalue][/grep][/text]
[text]newvalue=[removehtml][newvalue][/removehtml][/text]
[text]newvalue=[grep search=\|(strong|/strong|em|/em|blockquote|/blockquote)\|&replace=<\1>][newvalue][/grep][/text]
[text]newvalue=[grep search=\|a href=([^\|]*)\|([^\|]*)\|/a\|&replace=<a href="\1">\2</a>][newvalue][/grep][/text]
[text]newvalue=[unurl][grep search=%250A&replace=][url][newvalue][/url][/grep][/unurl][/text]
[text]newvalue=[grep search=%0D%0D&replace=</p><p>][newvalue][/grep][/text]
[text]newvalue=[grep search=%0D&replace=<br />][newvalue][/grep][/text]
[text]newvalue=[convertchars table=basic_conversions][newvalue][/convertchars][/text]

The cleaned variable is then displayed and stored as:

   <p>[newvalue]</p>

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - (Tom Duke 2009)
  2. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
  3. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - (Tom Duke 2009)
  4. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
  5. RE: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) ("Olin Lagon" 2009)
  6. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Brian Fries 2009)
  7. [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
Tom Duke
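
The allowlist approach described in the message above, sketched in Python as an added example (not Tom Duke's code and not WebDNA). It escapes the whole comment first and then re-enables only the allowed tags rather than using `|` placeholders, and it goes beyond the post by keeping a link only when its scheme is in `ALLOWED_SCHEMES`, which is an assumption; `sanitize_comment` and the other names are hypothetical and the sample comment is constructed.

```python
import html
import re
from urllib.parse import urlsplit

ALLOWED_TAGS = ("strong", "em", "blockquote")  # the tags the post's grep keeps
ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumption: the post sets no rule

# Patterns run on text that is already HTML-escaped, so "<" is "&lt;" etc.
_TAG_RE = re.compile(r"&lt;(/?)(%s)&gt;" % "|".join(ALLOWED_TAGS), re.I)
_LINK_RE = re.compile(r"&lt;a href=&quot;(.*?)&quot;&gt;(.*?)&lt;/a&gt;", re.I | re.S)
_BAD_HREF_CHARS = re.compile(r'[\x00-\x20"<>]')


def _restore_link(match):
    """Rebuild one <a> element, or return only its text if the URL is refused."""
    href_escaped, text = match.group(1), match.group(2)
    href = html.unescape(href_escaped)
    try:
        scheme = urlsplit(href).scheme.lower()
    except ValueError:
        return text
    if scheme not in ALLOWED_SCHEMES or _BAD_HREF_CHARS.search(href):
        return text
    # href_escaped is still entity-escaped, so it cannot close the attribute.
    return '<a href="%s">%s</a>' % (href_escaped, text)


def sanitize_comment(comment):
    """Escape everything, then re-enable only the allowlisted markup."""
    text = html.escape(comment, quote=True)
    text = _TAG_RE.sub(lambda m: "<%s%s>" % (m.group(1), m.group(2).lower()), text)
    text = _LINK_RE.sub(_restore_link, text)
    # Same paragraph handling as the post: blank line -> new <p>, newline -> <br />.
    text = re.sub(r"\r\n?", "\n", text).strip("\n")
    text = re.sub(r"\n{2,}", "</p><p>", text)
    return "<p>%s</p>" % text.replace("\n", "<br />")


# Constructed sample comment, not taken from the site.
SAMPLE = ('<strong>Agreed</strong> <script>x()</script>\r\r'
          'See <a href="http://example.org/?a=1&b=2">this</a>\r|em|typed pipes|/em|')

if __name__ == "__main__":
    print(sanitize_comment(SAMPLE))
```

The sketch does not balance tags, so an unclosed `<strong>` is passed through as typed, as it is in the post's version.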
