Discuss mailing list

["Dmitry S. Nikolaev" <dn AT mega-net.ru>]

User enter [b]bold[/b], we put in DB [b]bold[/b] and when output from DB it look like bold

All unknown tags are deleted, the <> converted to HTML entities and never replaced back in the output.

It`s the same how phpBB engine works. That I meant.

With best regards, Dmitry S. Nikolaev

Moscow, Russia
phone: +7 (499) 678 8007 [ext. 6003]
fax: +7 (499) 678 8007 [ext. 7777]
www: http://www.mega-net.ru
mail: dnikolaev AT mega-net.ru
SIP URI: dnikolaev AT sip.mega-net.ru || dn AT sip.mega-net.ru

On 12.09.2017 12:54, Al Beano wrote:

When you say "replacement to bbcode", do you mean literally replacing bbcode tags with HTML tags? That's insecure, as shown the example in my previous email. 

If you use a parsing library, like HTML::BBCode or PHP's built-in bbcode functions, then it should be okay. 

Regardless, I'd recommend Markdown instead, it seems to be the new hip markup format and is easier (imo) to use. 

On 12 September 2017 10:45:46 BST, "Dmitry S. Nikolaev" <dn AT mega-net.ru> wrote:

Hi Al.

And what about this ? If you are talking about existing code - provide
full code.
If you are talking in the abstract - I don`t understood what you mean.

Ofc that you need "straight hands" and "brain not in the ass" :) when
you doing by yourself.

With best regards, Dmitry S. Nikolaev