1 Replies - 1271 Views - Last Post: 02 December 2002 - 01:19 PM

#1 Andre_h2  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 1
  • Joined: 02-December 02

Filtering Javascript

Post icon  Posted 02 December 2002 - 12:44 PM

Hey guys,
i was just wondering if someone new a way to secure a forum of Javascript posts.

<img> and <a> tags are allowed.
If someone would do
<img src="javascript:alert(document.cookie)">
it would not be that great. (the same for <a>)

Is there a way to figure out that this image or link contains javascript and i'm just deleting that part of the message?

i guess it would be something with eregi and strpos but i'm not quite sure how to do it.

Any Help would be appreciated, thanks.

Is This A Good Question/Topic? 0
  • +

Replies To: Filtering Javascript

#2 gneato  Icon User is offline

  • <title>Untitled Document</title>

Reputation: 0
  • View blog
  • Posts: 1,311
  • Joined: 03-September 01

Re: Filtering Javascript

Posted 02 December 2002 - 01:19 PM

Best way to get around this, if you can, is by using an alternative markup, like the standard quare bracket type... e.g. [url ]http://blah[/url] and [b ]bold[/b]

Then you do some eregi_replace commands and you're all set.

You could also allow simple <b> and <i> and <u> tags, that's a part of the strip_tags function.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1