I have a site where users can enter comments and descriptions. I allow them to enter links in as well. I use strip_tags with an exception for links. I also add rel="nofollow" through a simple string_replace.
The problem is, if users leave off a double quote at the end of their opening tag, it messes up the HTML. Any suggestions on how to check for or fix incorrect link syntax?
$comment = $_POST['comment'];
$comment = strip_tags($comment,"<a>");
$comment = str_replace('<a','<a rel="nofollow"',$comment);
$comment = mysql_real_escape_string($comment);
and when outputting
$comment = stripslashes($comment);
echo $comment;
The problem is when users add <a href="www.blah.com> and forget the last double quote, this messes up the way the comment div displays.
Here's what you have to do:
function fixLink($link) {
    // Strip the tag opener, every double quote and the closing tag, leaving
    // only the attribute list and the link text.
    $link = str_replace(array('<a', '"', '</a>'), '', $link);
    // Re-quote: '=' opens a value, '>' and ' ' close one. This relies on
    // attribute values and the link text containing no spaces, '=' or '>'.
    $link = str_replace(
        array('=', '>', ' '),
        array('="', '">', '" '),
        $link);
    // The space left in front of the first attribute closes the rel="nofollow quote.
    return '<a rel="nofollow' . $link . '</a>';
}
echo fixLink('<a href="/index.html>asd</a>') . "\n";
echo fixLink('<a class="awesome" href="/index.html>asd</a>') . "\n";
echo fixLink('<a href="/index.html class="awesome">asd</a>') . "\n";
echo fixLink('<a target="_blank" href="/index.html class="awesome">asd</a>') . "\n";
echo fixLink('<a target="_blank" href="/index.html class="awesome>asd</a>') . "\n";
echo fixLink('<a target="_blank" href="/index.html target="_blank" class="awesome">asd</a>') . "\n";
echo fixLink('<a href="/index.html class=awesome">asd</a>') . "\n";
That will output:
<a rel="nofollow" href="/index.html">asd</a>
<a rel="nofollow" class="awesome" href="/index.html">asd</a>
<a rel="nofollow" href="/index.html" class="awesome">asd</a>
<a rel="nofollow" target="_blank" href="/index.html" class="awesome">asd</a>
<a rel="nofollow" target="_blank" href="/index.html" class="awesome">asd</a>
<a rel="nofollow" target="_blank" href="/index.html" target="_blank" class="awesome">asd</a>
<a rel="nofollow" href="/index.html" class="awesome">asd</a>
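A different approach, as an added example that is neither the asker's nor the answerer's code: instead of patching quotes by string replacement, extract only the href, validate it, and rebuild every anchor from scratch, so a missing quote cannot leak into the surrounding markup and user-supplied attributes or non-http(s) schemes never reach the page. It assumes PHP 7.1+ and that the stored raw comment is passed through sanitizeComment() (a name chosen here) before output.

```php
<?php
// Added example, not the asker's or answerer's code. Rebuilds every <a> from
// a whitelist instead of patching quotes, so a missing quote cannot break
// the surrounding markup and only http(s) links survive. Assumes PHP 7.1+.

function buildAnchor(string $attrs, string $text): string
{
    $safeText = htmlspecialchars(strip_tags($text), ENT_QUOTES, 'UTF-8');
    // Accept href="url", href='url', href=url and href="url with no closing quote.
    if (!preg_match('/\bhref\s*=\s*["\']?([^"\'\s>]+)/i', $attrs, $h)) {
        return $safeText;                   // no usable href: keep the text only
    }
    $url = $h[1];
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $url)) {
        // A scheme is present: only http(s) is allowed, every other scheme is dropped
        if (!preg_match('#^https?://#i', $url) || filter_var($url, FILTER_VALIDATE_URL) === false) {
            return $safeText;
        }
    } elseif ($url[0] !== '/') {
        $url = 'http://' . $url;            // bare host such as www.blah.com
    }
    // Every attribute is generated here; user-supplied onclick/style/etc. are gone.
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" rel="nofollow">'
        . $safeText . '</a>';
}

function sanitizeComment(string $comment): string
{
    $out = '';
    $offset = 0;
    // The attribute part stops at the first '>', so an unclosed quote stays inside
    // the tag. A tag with no matching </a> is not matched and is escaped as text.
    if (preg_match_all('/<a\b([^>]*)>(.*?)<\/a>/is', $comment, $m,
                       PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
        foreach ($m as $match) {
            [$whole, $pos] = $match[0];
            $out .= htmlspecialchars(substr($comment, $offset, $pos - $offset), ENT_QUOTES, 'UTF-8');
            $out .= buildAnchor($match[1][0], $match[2][0]);
            $offset = $pos + strlen($whole);
        }
    }
    return $out . htmlspecialchars(substr($comment, $offset), ENT_QUOTES, 'UTF-8');
}

// Demo with the asker's broken tag: the missing quote no longer escapes the anchor.
echo sanitizeComment('see <a href="www.blah.com>my site</a> & more'), "\n";
// A non-http scheme and a user-supplied event attribute are both discarded.
echo sanitizeComment('<a href="ftp://example.com/x" onclick="track()">x</a>'), "\n";
```

Because the output is rebuilt rather than repaired, the `mysql_real_escape_string` / `stripslashes` round trip in the question is unrelated to display safety and can be replaced by a prepared statement.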