Support » Plugins » Hacks » Validating text to ensure that there are no html in it

  • Hi all,

    I am just looking for some general guidance here, I am happy to investigate the actual “how to” aspect myself, but I can’t think of the general method that might be used.

    I am setting up a site that is open to registered users to post on. I have added an addon that allows them to add info via a text field, but I want to be able to check that they have not added any code, html, hyperlinks etc into the text field (to minimise links, injecting code and so on).

    What are some approaches that might be used to validate against that kind of thing? For example, I might validate that anything with word.word in it might be blocked because that indicates that there is a possible email address or website address. All suggestions and thoughts will be greatly appreciated.



Viewing 2 replies - 1 through 2 (of 2 total)
  • Have a look into ‘filters’. There’s filters that can control the content of the posts as they go through the process. you should be able to hook into a filter that will give you the content, and then you can do whatever processing you need to do to strip the tags out, and return the cleansed content back to the system.

    You can use the PHP function strip_tags() to remove the tags from any string. For example, you might have something like this:

    $user_info = $_POST['info'];
    $user_info = strip_tags($user_info, '<i>');

    You can choose tags that you want the user to have available – just exclude them from the stripping by passing them in as the second argument like I did for the italics tag.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Validating text to ensure that there are no html in it’ is closed to new replies.