[Israel.pm] RegEx in HTML Character
Yona Shlomo
yona at cs.technion.ac.il
Tue Jan 29 07:00:40 EET 2008
On Mon, 28 Jan 2008, Georges EL OJAIMI wrote:
> Hello,
>
> Yona Shlomo wrote:
>> How does the following help prevent HTML characters and SQL
>> injection into the database?
Can you answer this question? How does this transformation
of yours help prevent SQL injections?
>>> [b]bold[/b]
>>>
>>> [i]italic[/i]
>>>
>>> [u]underline[/u]
>>>
>>> [url=http://www.url.com]url[/url]
>>>
>>> I want to replace each tag on the fly by its real HTML tag while
>>> displaying it to the end user.
>>>
>>> Is there a way to replace all these tags by there equivalents? I am
>>> having problem detecting the brackets []
> I will remove all escape characters except these ones. example:
> /<[//]{0,1}(B|b)[^><]*>/g by dynamically passing all the needed tags.
>> Can you guarantee that square brackets are only used as your
>> markup?
>>
>> Your is the [url=....] the equevalent to the HTML <a href=...> ?
>
> Yes, it is
You can try the following hack, but it is risky:
s/\[([^\[\]]+)\]/<\1>/g;
s,<url(="[^"]+")>([^<]+)</url>,<a href=\1>\2</a>,g
See, the above regular expressions do not try to balance
your markup's open and close tags, nor are aware of
whitespace issues, quotations and escaping.
--
Shlomo Yona
yona at cs.technion.ac.il
http://yeda.cs.technion.ac.il/~yona/
More information about the Perl
mailing list