Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA -

This WebDNA talk-list message is from 2009. It keeps the original formatting.
numero = 102717
interpreted = N
texte =

Hi guys,

Here is what I do - you can see it in action here:

http://www.foe.ie/blog/2009/05/29/policymaking-21st-century-style-by-tweet/#comments

I only allow limited HTML - <strong> <em> and <a href=""></a> - though it could be extended to allow other tags. Basically I grep and replace the allowed tags and then remove all other HTML. I don't worry about WebDNA tags as I ensure the input comment is not wrapped with [interpret].

- Tom

So the posted variable is [comment]

[table name=basic_conversions&fields=from,to]
&	&amp;
"	&quot;
[/table]

[text]newvalue=[grep search=<(strong|/strong|em|/em|blockquote|/blockquote)>&replace=|\1|][comment][/grep][/text]
[text]newvalue=[grep search=<a href="([^"]*)"([^>]*)>([^<]*)</a>&replace=|a href=\1|\3|/a|][newvalue][/grep][/text]
[text]newvalue=[removehtml][newvalue][/removehtml][/text]
[text]newvalue=[grep search=\|(strong|/strong|em|/em|blockquote|/blockquote)\|&replace=<\1>][newvalue][/grep][/text]
[text]newvalue=[grep search=\|a href=([^\|]*)\|([^\|]*)\|/a\|&replace=<a href="\1">\2</a>][newvalue][/grep][/text]
[text]newvalue=[unurl][grep search=%250A&replace=][url][newvalue][/url][/grep][/unurl][/text]
[text]newvalue=[grep search=%0D%0D&replace=</p><p>][newvalue][/grep][/text]
[text]newvalue=[grep search=%0D&replace=<br />][newvalue][/grep][/text]
[text]newvalue=[convertchars table=basic_conversions][newvalue][/convertchars][/text]

The cleaned variable is then displayed and stored as:

<p>[newvalue]</p>
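The allow-then-strip pipeline described in this message, as an added Python example (not Tom's WebDNA code and not part of the original post). It assumes private-use characters as placeholder delimiters instead of "|", strips those delimiters from the input first so a typed placeholder is never restored as a tag, accepts only http/https href values, and escapes the text before the allowed tags are put back; all function and constant names are this example's own.

```python
import html
import re

ALLOWED = "strong|em|blockquote"      # tags the post lets through
OPEN, CLOSE = "\ue000", "\ue001"      # placeholder delimiters (assumed; the post uses "|")
TAG_RE = re.compile(rf"<(/?(?:{ALLOWED}))>", re.I)
LINK_RE = re.compile(r'<a href="([^"]*)"[^>]*>([^<]*)</a>', re.I)
ANY_TAG_RE = re.compile(r"<[^>]*>")
SAFE_URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
PARKED_TAG_RE = re.compile(rf"{OPEN}(/?(?:{ALLOWED})){CLOSE}")
PARKED_LINK_RE = re.compile(rf"{OPEN}a(\d+){CLOSE}")


def sanitize_comment(comment: str) -> str:
    # 1. Drop delimiter characters typed by the user, so every placeholder
    #    present later was created by this function.
    text = comment.replace(OPEN, "").replace(CLOSE, "")
    links = []

    def park_link(m):
        url, label = m.group(1), m.group(2)
        if not SAFE_URL_RE.fullmatch(url):
            return label              # unsupported scheme: keep the text only
        links.append((url, label))
        return f"{OPEN}a{len(links) - 1}{CLOSE}"

    # 2. Park allowed markup as placeholders; extra <a> attributes are discarded.
    text = LINK_RE.sub(park_link, text)
    text = TAG_RE.sub(lambda m: f"{OPEN}{m.group(1).lower()}{CLOSE}", text)
    # 3. Remove every other tag, then entity-escape whatever text remains.
    text = html.escape(ANY_TAG_RE.sub("", text), quote=True)

    # 4. Restore the parked tags and links, escaping link parts individually.
    def restore_link(m):
        url, label = links[int(m.group(1))]
        return f'<a href="{html.escape(url)}">{html.escape(label)}</a>'

    text = PARKED_TAG_RE.sub(r"<\1>", text)
    text = PARKED_LINK_RE.sub(restore_link, text)
    # 5. Blank line becomes a paragraph break, single line break becomes <br />.
    text = text.replace("\r\n", "\n").replace("\r", "\n")
    return text.replace("\n\n", "</p><p>").replace("\n", "<br />")
```
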

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - (Tom Duke 2009)
  2. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
  3. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - (Tom Duke 2009)
  4. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
  5. RE: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) ("Olin Lagon" 2009)
  6. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Brian Fries 2009)
  7. [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
Tom Duke
