Allow users to post "Safe" HTML
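This code pulls out all the nasty tags that a user shouldn't use when posting content. It also pulls out any JavaScript events assigned to any tags. A must-have if you allow people to post HTML on your site. Because it works from a list of known-bad tags and attributes, treat it as one layer of filtering and still encode untrusted values when they are written into a page.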
Original Author: Lewis E. Moten III
API Declarations
(c)Copyright 2001 Lewis Edward Moten III, All rights reserved.
Code
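' SafeHTML: neutralise active content in user-supplied HTML before it is
' stored or echoed back into a page.
'
' pStrHTML - markup posted by a user (untrusted).
' Returns  - the filtered markup, or Empty when the input is Null or "".
'
' Three case-insensitive passes are applied:
'   1. The "<" that opens a SCRIPT, META, STYLE, LINK, IFRAME, FRAMESET,
'      FRAME, APPLET or OBJECT tag (start or end tag) is rewritten to "&lt;",
'      so the tag is shown as text instead of being parsed.
'   2. href/src values that begin with "javascript:" are replaced with "#".
'   3. on* event-handler attributes are removed from any remaining tag.
'
' NOTE(review): this is a deny-list. Tags, attributes and URL schemes that are
' not named here pass through, and obfuscated spellings of the scheme (for
' example via character references) are not recognised. Use it as
' defence-in-depth next to output encoding or an allow-list sanitiser, not as
' the only control on user-posted HTML.
Function SafeHTML(ByVal pStrHTML)
    Dim lObjRegExp

    ' Nothing to filter; the function result stays Empty.
    If VarType(pStrHTML) = vbNull Then Exit Function
    If pStrHTML = "" Then Exit Function

    Set lObjRegExp = New RegExp
    lObjRegExp.Global = True
    lObjRegExp.IgnoreCase = True

    ' Pass 1: blocked tags. The tag names are grouped so the alternation only
    ' applies right after "<" or "</"; \b stops "LINK" matching a longer name.
    ' Only the opening "<" is encoded (nothing is deleted), so fragments cannot
    ' be re-joined into a tag, and a tag left unterminated is covered too.
    lObjRegExp.Pattern = "<(/?(SCRIPT|META|STYLE|LINK|IFRAME|FRAMESET|FRAME|APPLET|OBJECT)\b)"
    pStrHTML = lObjRegExp.Replace(pStrHTML, "&lt;$1")

    ' Pass 2: javascript: URLs in href/src, whether the value is double-quoted,
    ' single-quoted or unquoted. The whole value is replaced with "#".
    ' One tag can hold several such attributes, so repeat until none is left;
    ' each replacement removes one "javascript" occurrence, so the loop ends.
    lObjRegExp.Pattern = "(<[^>]*[\s/""'](href|src)\s*=\s*)(""\s*javascript\s*:[^""]*""?|'\s*javascript\s*:[^']*'?|javascript\s*:[^\s>]*)"
    Do While lObjRegExp.Test(pStrHTML)
        pStrHTML = lObjRegExp.Replace(pStrHTML, "$1""#""")
    Loop

    ' Pass 3: inline event handlers (onclick, onerror, ...). The attribute may
    ' follow whitespace, "/" or the closing quote of the previous attribute.
    ' Repeat until stable so several handlers on one tag are all removed; each
    ' replacement shortens the string, so the loop ends.
    lObjRegExp.Pattern = "(<[^>]*[\s/""'])on\w+\s*=\s*(""[^""]*""|'[^']*'|[^\s>]*)"
    Do While lObjRegExp.Test(pStrHTML)
        pStrHTML = lObjRegExp.Replace(pStrHTML, "$1")
    Loop

    Set lObjRegExp = Nothing
    SafeHTML = pStrHTML
End Function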