3 Replies - 924 Views - Last Post: 17 May 2013 - 07:12 PM

#1 adn258

HTMLPURIFIER Vs. Nothing Vs. htmlspecialchars etc.?

Posted 17 May 2013 - 03:21 PM

So I'm stuck in one of these catch-22 situations again. I'm creating a site where I want to allow users to embed YouTube videos, links, etc. It appears if you want to let users input ANYTHING BESIDES JUST TEXT then you need a parser. This is of course a huge pain in the neck as it slows things down.

HTMLPURIFIER seems to work well, but of course it slows things down. I've noticed phpBB and other products have some sort of filtering capability. When you want users to have some freedom and post interesting content like images, YouTube videos, etc., how can this be done efficiently? What's the secret?


Replies To: HTMLPURIFIER Vs. Nothing Vs. htmlspecialchars etc.?

#2 Atli

Re: HTMLPURIFIER Vs. Nothing Vs. htmlspecialchars etc.?

Posted 17 May 2013 - 04:17 PM

Things like BBCode have been used for ages to solve this problem. Unless you want to attempt to build some overly complicated HTML filtering methods, this is what I would suggest.

As for slowing things down: honestly, I wouldn't look at it as a major concern. It's not that big of a drain that it should be avoided. Don't be going out of your way to find alternatives unless you've actually profiled this as a bottleneck.

#3 adn258

Re: HTMLPURIFIER Vs. Nothing Vs. htmlspecialchars etc.?

Posted 17 May 2013 - 04:52 PM

But HTML Purifier doesn't use BBCode, which is fine by me, but I'm wondering what sites like this use with their BBCode. Or is that necessary? Why not just stick with HTML Purifier then?

#4 Atli

Re: HTMLPURIFIER Vs. Nothing Vs. htmlspecialchars etc.?

Posted 17 May 2013 - 07:12 PM

I've never used HTML Purifier myself, or seen the need to. Running the output through one of PHP's HTML filtering functions, like strip_tags or htmlentities, and then optionally through a BBCode filter (or whatever else you would prefer instead) seems more or less sufficient for most situations. I see no need to let users enter actual HTML code, when BBCode or Markup will give users the exact same abilities, and are far safer and easier to control.

I suppose HTML Purifier could be used instead of the PHP HTML filtering functions, with a BBCode parser running its output. Should give the same results, as far as I can see.
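The escape-first, then-BBCode approach described in the reply above, as an added example that is not part of the thread or any poster's code. The function name `render_post`, the supported tag set and the sample input are assumptions made for illustration.

```php
<?php
// Added example: escape all user input, then re-introduce a small whitelist
// of tags. render_post() and the tag set are hypothetical, not from the thread.
function render_post(string $raw): string
{
    // 1. Neutralise every piece of user-supplied HTML. Quotes are encoded too,
    //    so escaped text can never close an attribute value later on.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Paired tags map to fixed HTML with no user-controlled attributes.
    $safe = preg_replace('#\[b\](.*?)\[/b\]#is', '<strong>$1</strong>', $safe) ?? $safe;
    $safe = preg_replace('#\[i\](.*?)\[/i\]#is', '<em>$1</em>', $safe) ?? $safe;

    // 3. Links: accept only absolute http(s) URLs without whitespace. Other
    //    schemes (javascript:, data:, ...) fail the check and stay literal text.
    $safe = preg_replace_callback(
        '#\[url=([^\]]+)\](.*?)\[/url\]#is',
        function (array $m): string {
            if (!preg_match('#^https?://[^\s<>"\']+$#i', $m[1])) {
                return $m[0]; // leave the already-escaped BBCode untouched
            }
            // $m[1] was escaped in step 1, so it is safe inside the attribute.
            return '<a href="' . $m[1] . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $safe
    ) ?? $safe;

    // 4. Embeds: the user supplies only an 11-character video ID. The iframe
    //    URL is built server-side, so no arbitrary src can be supplied.
    $safe = preg_replace(
        '#\[youtube\]([A-Za-z0-9_-]{11})\[/youtube\]#',
        '<iframe src="https://www.youtube.com/embed/$1" allowfullscreen></iframe>',
        $safe
    ) ?? $safe;

    return $safe;
}

// Constructed sample post: raw HTML, a rejected link scheme, a valid link
// and an embed with a made-up video ID.
$post = "[b]Hi[/b] <script>alert(1)</script> "
      . "[url=javascript:alert(1)]bad[/url] "
      . "[url=https://example.com/?a=1&b=2]ok[/url] "
      . "[youtube]abcDEF12345[/youtube]";

echo render_post($post), "\n";
```

The order matters: converting BBCode before escaping would escape the generated tags as well, and skipping the scheme check would let a `[url]` tag carry a script URL into `href`.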
