Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA

This WebDNA talk-list message is from

2009


It keeps the original formatting.
numero = 102716
interpreted = N
texte = Palle Bo Nielsen wrote: > Hi Frank, > > This is the solution which I already use. I just don't think it's > elegant enough and I can't print code snippets with out destroying [xxx] > and and without that the context is ruined. Yes, I kind'a thought you already were using that solution. If we can find a way around this we'll have a message board solution that not only matches, but beats, the best commercially available scripts. :-D What you want to do is allow only certain specified html tags through and convert all the others to plain text, right? (Or is it WebDNA tags? Doesn't matter really, the procedure would be more or less the same in either case.) The most obvious solution is to create a list of illegal tags and filter these out but that's a bit risky since there's always a chance you've overlooked one or two. How about a three step solution like this: 1) Replace all legal tags in the input with temporary "custom tags" from a table or database: " [legal WebDNA] [illegal WebDNA]" becomes: "{hlegal html}h {wlegal WebDNA}w [illegal WebDNA]" or something like that. 2) Convert remaining tags into plain text by replacing < with ≤, > with ≥, [ with [RAW][[/RAW] and ] with [RAW]][/RAW]: "{hlegal html}h {wlegal WebDNA}w [illegal WebDNA]" becomes: "{hlegal html}h ≤illegal html≥ {wlegal WebDNA}w [RAW][[/RAW]illegal WebDNA[RAW]][/RAW]" or - if you like, use a [RemoveHTML RemoveWebDNA=t] context to strip the illegal tags out completely. (Actually, you don't need to do anything about the closing characters of the tags. Replacing < with ≤ and/or [ with [RAW][[/RAW] is enough. That solution would simplify parsing in step 1, eliminating the need for a complex grep code.) 3) Run the text/database conversion in step 1 in reverse to reintroduce the legal tags, turning: "{hlegal html}h ≤illegal html≥ {wlegal WebDNA}w [RAW][[/RAW]illegal WebDNA[RAW]][/RAW]" into: " ≤illegal html≥ [legal WebDNA] [RAW][[/RAW]illegal WebDNA[RAW]][/RAW]" Essentially thi is the same as the standard "tag substitution" method except the user doesn't have to deal with those special tags, the server takes care of it for him/her. This will work, I'm just not sure if I explain it well enough - it's a bit too late at night here for such a complex concept. ;-) Whether it's elegant enough is a matter of perspective. From the programmer's point of view it may be a bit messy (and I hope somebody can come up with a more elegant solution) but all that mess will be hidden from the user. Frank Nordberg http://www.musicaviva.com Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - (Tom Duke 2009)
  2. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
  3. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - (Tom Duke 2009)
  4. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA (Frank Nordberg 2009)
  5. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
  6. RE: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) ("Olin Lagon" 2009)
  7. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA (Frank Nordberg 2009)
  8. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Brian Fries 2009)
  9. [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
Palle Bo Nielsen wrote: > Hi Frank, > > This is the solution which I already use. I just don't think it's > elegant enough and I can't print code snippets with out destroying [xxx] > and and without that the context is ruined. Yes, I kind'a thought you already were using that solution. If we can find a way around this we'll have a message board solution that not only matches, but beats, the best commercially available scripts. :-D What you want to do is allow only certain specified html tags through and convert all the others to plain text, right? (Or is it WebDNA tags? Doesn't matter really, the procedure would be more or less the same in either case.) The most obvious solution is to create a list of illegal tags and filter these out but that's a bit risky since there's always a chance you've overlooked one or two. How about a three step solution like this: 1) Replace all legal tags in the input with temporary "custom tags" from a table or database: " [legal WebDNA] [illegal WebDNA]" becomes: "{hlegal html}h {wlegal WebDNA}w [illegal WebDNA]" or something like that. 2) Convert remaining tags into plain text by replacing < with ≤, > with ≥, [ with [raw][[/RAW] and ] with [raw]][/RAW]: "{hlegal html}h {wlegal WebDNA}w [illegal WebDNA]" becomes: "{hlegal html}h ≤illegal html≥ {wlegal WebDNA}w [raw][[/RAW]illegal WebDNA[raw]][/RAW]" or - if you like, use a [RemoveHTML RemoveWebDNA=t] context to strip the illegal tags out completely. (Actually, you don't need to do anything about the closing characters of the tags. Replacing < with ≤ and/or [ with [raw][[/RAW] is enough. That solution would simplify parsing in step 1, eliminating the need for a complex grep code.) 3) Run the text/database conversion in step 1 in reverse to reintroduce the legal tags, turning: "{hlegal html}h ≤illegal html≥ {wlegal WebDNA}w [raw][[/RAW]illegal WebDNA[raw]][/RAW]" into: " ≤illegal html≥ [legal WebDNA] [raw][[/RAW]illegal WebDNA[raw]][/RAW]" Essentially thi is the same as the standard "tag substitution" method except the user doesn't have to deal with those special tags, the server takes care of it for him/her. This will work, I'm just not sure if I explain it well enough - it's a bit too late at night here for such a complex concept. ;-) Whether it's elegant enough is a matter of perspective. From the programmer's point of view it may be a bit messy (and I hope somebody can come up with a more elegant solution) but all that mess will be hidden from the user. Frank Nordberg http://www.musicaviva.com Frank Nordberg

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Snake Bites (1997) [addlineitems] (1997) no global [username] or [password] displayed ... (1997) Not reading code (1997) 4.5 Upgrade (2003) PHP vs. WebDNA (2003) A Trigger Question (2000) Upload to LINUX always breaks my sites - why? (2004) Templates on Unix & CGI on Mac? (1997) Fun with Dates - finally resolved but.... (1997) Frames and cart values (1998) quantity minimum problem (1997) $Append for Users outside the ADMIN group (1997) Creating main- and sub-category search (1997) RE: WebCatalog2 for NT Beta Request (1997) Postdata expired from cache (2004) AD Error Msg (1997) webcat, osx, and includes (2001) writing db to disk (1997) Problems with [Search] param - Mac Plugin b15 (1997)