Allow users to post "Safe" HTML


This code pulls out all the nasty tags that a user shouldn't use when posting content. It also pulls out any JavaScript events assigned to any tags. A must-have if you allow people to post HTML on your site.

Original Author: Lewis E. Moten III

API Declarations

(c)Copyright 2001 Lewis Edward Moten III, All rights reserved.

Code

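Function SafeHTML(ByVal pStrHTML)

    Dim lObjRegExp
    ' Null or empty input: nothing to clean, the function returns Empty
    If VarType(pStrHTML) = vbNull Then Exit Function
    If pStrHTML = "" Then Exit Function
    Set lObjRegExp = New RegExp
    lObjRegExp.Global = True
    lObjRegExp.IgnoreCase = True
    ' Escape SCRIPT, META and STYLE tags so they display as text.
    ' The tag names are grouped so that $3 is the attribute text.
    lObjRegExp.Pattern = "<(/)?(SCRIPT|META|STYLE)([^>]*)>"
    pStrHTML = lObjRegExp.Replace(pStrHTML, "&lt;$1SCRIPT$3&gt;")
    ' Escape tags that load external or embedded content
    lObjRegExp.Pattern = "<(/)?(LINK|IFRAME|FRAMESET|FRAME|APPLET|OBJECT)([^>]*)>"
    pStrHTML = lObjRegExp.Replace(pStrHTML, "&lt;$1LINK$3&gt;")
    ' Replace the body of javascript: URLs in href attributes
    lObjRegExp.Pattern = "(<[^>]+href\s?=\s?""?javascript:)[^""]*(""[^>]*>)"
    pStrHTML = lObjRegExp.Replace(pStrHTML, "$1//protected$2")
    ' Replace the body of javascript: URLs in src attributes
    lObjRegExp.Pattern = "(<[^>]+src\s?=\s?""?javascript:)[^""]*(""[^>]*>)"
    pStrHTML = lObjRegExp.Replace(pStrHTML, "$1//protected$2")
    ' Remove on* event attributes: $2 is the attribute value, $3 the rest of the tag.
    ' Each pass removes one handler per tag, so repeat until none are left.
    lObjRegExp.Pattern = "<([^>]*)\son[^=\s]+\s?=\s?(""[^""]*""|'[^']*'|[^\s>]*)([^>]*)>"
    Do While lObjRegExp.Test(pStrHTML)
        pStrHTML = lObjRegExp.Replace(pStrHTML, "<$1$3>")
    Loop
    Set lObjRegExp = Nothing

    SafeHTML = pStrHTML

End Function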

About this post

Posted: 2002-06-01
By: ArchiveBot

Categories

ASP/ HTML
