-2

I used htmlspecialchars to clean site comments; it changes <> to HTML special characters. But I also need to put some links in comments, the same as here at SO. I think something like preg_replace can make an exception for htmlspecialchars, for example to hide [LINK]<a href="...">...</a>[/LINK] from htmlspecialchars. How can I do this in PHP? Or what's a better way to do that?

Vahid

2 Answers

1

I would recommend using a library for parsing BBCode or similar things - and generally speaking that would sanitise the input itself. A quick google turned up NBBC, although that might be a bit overkill for your purposes. You don't even need to use BBCode, unless you've got your heart set on it - there are perfectly good PHP libraries for Markdown and the like.

p.g.l.hall
1

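You can use this code:

// The /e modifier (which evaluated the replacement as PHP code) was removed in PHP 7; the U flag made (.*?) greedy, so it is dropped.
$comment = preg_replace_callback('/'.preg_quote('[link]','/').'(.*?)'.preg_quote('[/link]','/').'/is', function ($m) { return htmlspecialchars_decode($m[1]); }, $comment);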
XWeb
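
A safer shape for the exception the question asks about, as an added example that is not from either answer: escape the whole comment first, then convert only [link]URL[/link] and [link=URL]text[/link] into anchors the server builds itself, so nothing the commenter typed is ever decoded back into markup. The tag forms, the http/https allow-list and the function names render_link and render_comment are assumptions.

```php
<?php
// Added example, not code from the original answers. The tag forms, the
// function names and the http/https allow-list are assumptions.

function render_link(array $m): string
{
    // $m[0] = whole tag, $m[1] = optional URL after "=", $m[2] = tag body.
    // Everything in $m is already HTML-escaped when this runs.
    $url   = trim(htmlspecialchars_decode($m[1] !== '' ? $m[1] : $m[2], ENT_QUOTES));
    $label = $m[2] !== '' ? $m[2] : $m[1];

    // Validate the decoded URL: explicit scheme allow-list plus a syntax check.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    $ok = in_array($scheme, ['http', 'https'], true)
        && filter_var($url, FILTER_VALIDATE_URL) !== false;
    if (!$ok) {
        return $m[0]; // leave the escaped tag in place as inert text
    }
    // Re-escape the URL for the attribute; the label is still escaped text.
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8')
        . '" rel="nofollow noopener ugc">' . $label . '</a>';
}

function render_comment(string $raw): string
{
    // 1. Escape everything, so no markup typed by the commenter survives.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // 2. Turn only well-formed link tags into anchors built by this code.
    return preg_replace_callback(
        '~\[link(?:=([^\]\s]+))?\](.*?)\[/link\]~is',
        'render_link',
        $safe
    ) ?? $safe; // on a PCRE error fall back to the fully escaped text
}

// Constructed sample comments.
$samples = [
    'See [link=https://example.com/docs?a=1&b=2]the docs[/link] <b>now</b>',
    '[link]https://example.com/[/link]',
    '[link=javascript:alert(1)]click[/link]',
    '[LINK]<a href="https://example.com/">raw html</a>[/LINK]',
];
foreach ($samples as $s) {
    echo render_comment($s), PHP_EOL;
}
```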