I remember reading up and this, and I modified it to my liking and added my own codes a while back. Could be useful, although the youtube one is kind of a let down It works, you just need the video id code. I'm sure you you can do full links if you use an explode() and substr(), I haven't got around to that yet. Anway, less of the boring stuff, more of the code: [syntax=php]function bbcode($text) { $search = array( '/\[b\](.*?)\[\/b\]/is', '/\[i\](.*?)\[\/i\]/is', '/\[u\](.*?)\[\/u\]/is', '/\[img\](.*?)\[\/img\]/is', '/\[url\](.*?)\[\/url\]/is', '/\[url\=(.*?)\](.*?)\[\/url\]/is', '/\[size\=(.*?)\](.*?)\[\/size\]/is', '/\[colour=(.*?)\](.*?)\[\/colour\]/is', '/\[center\](.*?)\[\/center\]/is', '/\[right\](.*?)\[\/right\]/is', '/\[left\](.*?)\[\/left\]/is', '/\[youtube\](.*?)\[\/youtube\]/is' );
yeah, I always use htmlentities(), just not needed in the function. I would go around to using [syntax=php] htmlentities(bbcode("[\b]Nice[\/b]")) [/syntax] or whatever it is. P.S Had to put \ there to let the Syntax-php work...(Only in this post, first post is correct)
Just call the function. [syntax=php]<?php echo bbcode($your_text); ?>[/syntax] You can edit all the replacements in there by just editing the corresponding lines in both arrays. The extra slashes are just to make the preg_replace work. It's like any other bbcode with it seems a bit extra.
There is one XSS vulnerability I did notice with using [url] and that is you can use [url=javascript:alert(String.fromCharCode(88, 83, 83));] (Just as an example) so you have to watch out for that.
This is a very basic method. It will not wrap around highlighted text. Replace [\b][\/b] with whatever you want your bbcode to display [syntax=xhtml]<a href="#" onclick="document.getElementById('your_textarea_id').value += '[\b][\/b]'">Bold</a>[/syntax]
Instead of using the hashtag (#), you should change the href to "javascript:void(0);" (minus quotes). This will hopefully stop the page from auto-scrolling to the top of the page, and keep that annoying hashtag out of the address bar.
You could also even use that "e.PreventDefault" thing, but I don't really know much about it.
Instead of using the hashtag (#), you should change the href to "javascript:void(0);" (minus quotes). This will hopefully stop the page from auto-scrolling to the top of the page, and keep that annoying hashtag out of the address bar.
You could also even use that "e.PreventDefault" thing, but I don't really know much about it.
I tried to enter javascript:void(0) but the syntax highlighter kept removing it. Sorry I forgot to explain that. Thanks for catching that The event.preventDefault(); method requires the JQuery library.