Allow users to post "Safe" HTML
This code pulls out all the nasty tags that a user shouldn't use when posting content. It also pulls out any JavaScript events assigned to any tags. A must-have if you allow people to post HTML on your site.
Source code
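Function SafeHTML(ByVal pStrHTML)
    Dim lObjRegExp

    ' Null or empty input: nothing to filter.
    If VarType(pStrHTML) = vbNull Then Exit Function
    If pStrHTML = "" Then Exit Function

    Set lObjRegExp = New RegExp
    lObjRegExp.Global = True
    lObjRegExp.IgnoreCase = True

    ' Neutralise SCRIPT, META and STYLE tags by HTML-encoding their angle brackets.
    ' The tag names are grouped so that $1 = "/", $2 = tag name, $3 = attributes.
    lObjRegExp.Pattern = "<(/)?(SCRIPT|META|STYLE)([^>]*)>"
    pStrHTML = lObjRegExp.Replace(pStrHTML, "&lt;$1$2$3&gt;")

    ' Same treatment for tags that load or embed external content.
    lObjRegExp.Pattern = "<(/)?(LINK|IFRAME|FRAMESET|FRAME|APPLET|OBJECT)([^>]*)>"
    pStrHTML = lObjRegExp.Replace(pStrHTML, "&lt;$1$2$3&gt;")

    ' Replace the body of a javascript: URL in <A href> with "//protected".
    ' The value must end with a double quote for the pattern to match.
    lObjRegExp.Pattern = "(<A[^>]+href\s*=\s*""?javascript:)[^""]*(""[^>]*>)"
    pStrHTML = lObjRegExp.Replace(pStrHTML, "$1//protected$2")

    ' Same for <IMG src>.
    lObjRegExp.Pattern = "(<IMG[^>]+src\s*=\s*""?javascript:)[^""]*(""[^>]*>)"
    pStrHTML = lObjRegExp.Replace(pStrHTML, "$1//protected$2")

    ' Strip event handlers (onclick, onload, ...). The match starts at the first
    ' on* attribute, and that attribute and everything after it in the tag is dropped.
    lObjRegExp.Pattern = "<([^>]*?)\s+on[^=\s]+\s*=\s*([^>]*)>"
    pStrHTML = lObjRegExp.Replace(pStrHTML, "<$1>")

    Set lObjRegExp = Nothing
    SafeHTML = pStrHTML
End Function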
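SafeHTML removes tags from a list of known-bad ones; the opposite design encodes everything and re-enables only a short list of known-good tags. The following is an added example of that allowlist variant, not code from the original author: the function name AllowListHTML, the chosen tag list and the rel="nofollow" attribute are assumptions made for illustration.

```vbscript
' Added example, not the original author's code. Uses WScript.Echo, so run it
' under Windows Script Host (cscript); in ASP use Response.Write instead.
Function AllowListHTML(ByVal pStrHTML)
    Dim lObjRegExp, lStrOut
    AllowListHTML = ""
    If IsNull(pStrHTML) Then Exit Function
    If pStrHTML = "" Then Exit Function

    ' 1. Encode every markup-significant character so nothing is live HTML.
    lStrOut = Replace(pStrHTML, "&", "&amp;")
    lStrOut = Replace(lStrOut, "<", "&lt;")
    lStrOut = Replace(lStrOut, ">", "&gt;")
    lStrOut = Replace(lStrOut, """", "&quot;")

    Set lObjRegExp = New RegExp
    lObjRegExp.Global = True
    lObjRegExp.IgnoreCase = True

    ' 2. Re-enable bare formatting tags only (no attributes of any kind).
    lObjRegExp.Pattern = "&lt;(/?)(b|i|u|em|strong|p|ul|ol|li|blockquote|pre|code)&gt;"
    lStrOut = lObjRegExp.Replace(lStrOut, "<$1$2>")
    lObjRegExp.Pattern = "&lt;br\s*/?&gt;"
    lStrOut = lObjRegExp.Replace(lStrOut, "<br>")

    ' 3. Re-enable links only when href is the sole attribute, is double-quoted
    '    and is an absolute http(s) URL. Anything else stays encoded.
    lObjRegExp.Pattern = "&lt;a\s+href=&quot;(https?://(?:[^\s&]|&amp;)+)&quot;&gt;"
    lStrOut = lObjRegExp.Replace(lStrOut, "<a href=""$1"" rel=""nofollow"">")
    lObjRegExp.Pattern = "&lt;/a&gt;"
    lStrOut = lObjRegExp.Replace(lStrOut, "</a>")

    Set lObjRegExp = Nothing
    AllowListHTML = lStrOut
End Function

' Constructed sample input: one allowed tag, one tag with an event handler,
' one http(s) link and one javascript: link.
Dim gStrSample
gStrSample = "<b>Hi</b> <p onclick=""x()"">text</p> " & _
             "<a href=""https://example.com/?a=1&b=2"">ok</a> " & _
             "<a href=""javascript:x()"">no</a>"
WScript.Echo AllowListHTML(gStrSample)
```

Tags that are not re-enabled are shown to the reader as literal text rather than deleted. Closing tags are restored independently of their openers, so the output can contain unbalanced markup that disturbs page layout.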
Restored from the Wayback Machine