BBCode
BBCode
I remember reading up and this, and I modified it to my liking and added my own codes a while back. Could be useful, although the youtube one is kind of a let down It works, you just need the video id code. I'm sure you you can do full links if you use an explode() and substr(), I haven't got around to that yet. Anway, less of the boring stuff, more of the code:
[syntax=php]function bbcode($text) {
$search = array(
'/\[b\](.*?)\[\/b\]/is',
'/\[i\](.*?)\[\/i\]/is',
'/\[u\](.*?)\[\/u\]/is',
'/\[img\](.*?)\[\/img\]/is',
'/\[url\](.*?)\[\/url\]/is',
'/\[url\=(.*?)\](.*?)\[\/url\]/is',
'/\[size\=(.*?)\](.*?)\[\/size\]/is',
'/\[colour=(.*?)\](.*?)\[\/colour\]/is',
'/\[center\](.*?)\[\/center\]/is',
'/\[right\](.*?)\[\/right\]/is',
'/\[left\](.*?)\[\/left\]/is',
'/\[youtube\](.*?)\[\/youtube\]/is'
);
$replace = array(
'<strong>$1</strong>',
'<em>$1</em>',
'<u>$1</u>',
'<img src="$1" />',
'<a href="$1">$1</a>',
'<a href="$1">$2</a>',
'<font size="$1">$2</font>',
'<font color="$1">$2</font>',
'<center>$1</center>',
'<div style="text-align:right;">$1</div>',
'<div style="text-align:left;">$1</div>',
'<iframe title="YouTube video player" width="640" height="390" src="http://www.youtube.com/embed/$1" frameborder="0" allowfullscreen></iframe>'
);
$bb = preg_replace ($search, $replace, $text);
return $bb;
}[/syntax]
[syntax=php]function bbcode($text) {
$search = array(
'/\[b\](.*?)\[\/b\]/is',
'/\[i\](.*?)\[\/i\]/is',
'/\[u\](.*?)\[\/u\]/is',
'/\[img\](.*?)\[\/img\]/is',
'/\[url\](.*?)\[\/url\]/is',
'/\[url\=(.*?)\](.*?)\[\/url\]/is',
'/\[size\=(.*?)\](.*?)\[\/size\]/is',
'/\[colour=(.*?)\](.*?)\[\/colour\]/is',
'/\[center\](.*?)\[\/center\]/is',
'/\[right\](.*?)\[\/right\]/is',
'/\[left\](.*?)\[\/left\]/is',
'/\[youtube\](.*?)\[\/youtube\]/is'
);
$replace = array(
'<strong>$1</strong>',
'<em>$1</em>',
'<u>$1</u>',
'<img src="$1" />',
'<a href="$1">$1</a>',
'<a href="$1">$2</a>',
'<font size="$1">$2</font>',
'<font color="$1">$2</font>',
'<center>$1</center>',
'<div style="text-align:right;">$1</div>',
'<div style="text-align:left;">$1</div>',
'<iframe title="YouTube video player" width="640" height="390" src="http://www.youtube.com/embed/$1" frameborder="0" allowfullscreen></iframe>'
);
$bb = preg_replace ($search, $replace, $text);
return $bb;
}[/syntax]
Re: BBCode
htmlentities is needed somewhere to prevent xss attacks
Saying that, its not necessarily something this function should do.
Saying that, its not necessarily something this function should do.
Re: BBCode
yeah, I always use htmlentities(), just not needed in the function. I would go around to using
[syntax=php]
htmlentities(bbcode("[\b]Nice[\/b]"))
[/syntax] or whatever it is.
P.S Had to put \ there to let the Syntax-php work...(Only in this post, first post is correct)
[syntax=php]
htmlentities(bbcode("[\b]Nice[\/b]"))
[/syntax] or whatever it is.
P.S Had to put \ there to let the Syntax-php work...(Only in this post, first post is correct)
- FrederickGeek8
- Posts: 148
- Joined: Wed Nov 30, 2011 10:31 pm
Re: BBCode
This is a great Rich-text to BBCode editor that you can throw on your website. It works well with this tutorial.
Also I update the list for more items and security (just to save people some work)
[syntax=php]function bbcode($text) {
$text = htmlentities($text);
$search = array(
'/\[b\](.*?)\[\/b\]/is',
'/\[i\](.*?)\[\/i\]/is',
'/\[u\](.*?)\[\/u\]/is',
'/\[s\](.*?)\[\/s\]/is',
'/\[sub\](.*?)\[\/sub\]/is',
'/\[sup\](.*?)\[\/sup\]/is',
'/\[img\](.*?)\[\/img\]/is',
'/\[url\](.*?)\[\/url\]/is',
'/\[url\=(.*?)\](.*?)\[\/url\]/is',
'/\[size\=(.*?)\](.*?)\[\/size\]/is',
'/\[color=(.*?)\](.*?)\[\/color\]/is',
'/\[center\](.*?)\[\/center\]/is',
'/\[right\](.*?)\[\/right\]/is',
'/\[left\](.*?)\[\/left\]/is',
'/\[justify\](.*?)\[\/justify\]/is',
'/\[youtube\](.*?)\[\/youtube\]/is',
'/\[font\=(.*?)\](.*?)\[\/font\]/is',
'/\[ul\](.*?)\[\/ul\]/is',
'/\[ol\](.*?)\[\/ol\]/is',
'/\[li\](.*?)\[\/li\]/is',
'/\[code\](.*?)\[\/code\]/is',
'/\[quote\](.*?)\[\/quote\]/is',
'[hr]',
'/\[email\=(.*?)\](.*?)\[\/email\]/is',
'/\[rtl\](.*?)\[\/rtl\]/is',
'/\[ltr\](.*?)\[\/ltr\]/is',
'/\[table\](.*?)\[\/table\]/is',
'/\[tr\](.*?)\[\/tr\]/is',
'/\[td\](.*?)\[\/td\]/is',
'/\[thead\](.*?)\[\/thead\]/is',
'/\[tbody\](.*?)\[\/tbody\]/is',
'/\[th\](.*?)\[\/th\]/is',
'/\[caption\](.*?)\[\/caption\]/is'
);
$replace = array(
'<strong>$1</strong>',
'<em>$1</em>',
'<u>$1</u>',
'<del>$1</del>',
'<sub>$1</sub>',
'<sup>$1</sup>',
'<img src="$1" />',
'<a href="$1">$1</a>',
'<a href="$1">$2</a>',
'<font size="$1">$2</font>',
'<a style=\'color:$1;\'>$2</a>',
'<center>$1</center>',
'<div style="text-align:right;">$1</div>',
'<div style="text-align:left;">$1</div>',
'<div style="text-align:justify;">$1</div>',
'<iframe id="ytplayer" type="text/html" width="640" height="360"
src="https://www.youtube.com/embed/$1" frameborder="0" allowfullscreen>',
'<a style=\'font-family:$1;\'>$2</a>',
'<ul>$1</ul>',
'<ol>$1</ol>',
'<li>$1</li>',
'<code>$1</code>',
'<blockquote>$1</blockquote>',
'<hr />',
'<a href=\'mailto:$1\'>$2</a>',
'<div style=\'direction: rtl\'>$1</div>',
'<div style=\'direction: ltr\'>$1</div>',
'<table>$1</table>',
'<tr>$1</tr>',
'<td>$1</td>',
'<thead>$1</thead>',
'<tbody>$1</tbody>',
'<th>$1</th>',
'<caption>$1</caption>'
);
$bb = preg_replace ($search, $replace, $text);
return $bb;
}[/syntax]
Also I update the list for more items and security (just to save people some work)
[syntax=php]function bbcode($text) {
$text = htmlentities($text);
$search = array(
'/\[b\](.*?)\[\/b\]/is',
'/\[i\](.*?)\[\/i\]/is',
'/\[u\](.*?)\[\/u\]/is',
'/\[s\](.*?)\[\/s\]/is',
'/\[sub\](.*?)\[\/sub\]/is',
'/\[sup\](.*?)\[\/sup\]/is',
'/\[img\](.*?)\[\/img\]/is',
'/\[url\](.*?)\[\/url\]/is',
'/\[url\=(.*?)\](.*?)\[\/url\]/is',
'/\[size\=(.*?)\](.*?)\[\/size\]/is',
'/\[color=(.*?)\](.*?)\[\/color\]/is',
'/\[center\](.*?)\[\/center\]/is',
'/\[right\](.*?)\[\/right\]/is',
'/\[left\](.*?)\[\/left\]/is',
'/\[justify\](.*?)\[\/justify\]/is',
'/\[youtube\](.*?)\[\/youtube\]/is',
'/\[font\=(.*?)\](.*?)\[\/font\]/is',
'/\[ul\](.*?)\[\/ul\]/is',
'/\[ol\](.*?)\[\/ol\]/is',
'/\[li\](.*?)\[\/li\]/is',
'/\[code\](.*?)\[\/code\]/is',
'/\[quote\](.*?)\[\/quote\]/is',
'[hr]',
'/\[email\=(.*?)\](.*?)\[\/email\]/is',
'/\[rtl\](.*?)\[\/rtl\]/is',
'/\[ltr\](.*?)\[\/ltr\]/is',
'/\[table\](.*?)\[\/table\]/is',
'/\[tr\](.*?)\[\/tr\]/is',
'/\[td\](.*?)\[\/td\]/is',
'/\[thead\](.*?)\[\/thead\]/is',
'/\[tbody\](.*?)\[\/tbody\]/is',
'/\[th\](.*?)\[\/th\]/is',
'/\[caption\](.*?)\[\/caption\]/is'
);
$replace = array(
'<strong>$1</strong>',
'<em>$1</em>',
'<u>$1</u>',
'<del>$1</del>',
'<sub>$1</sub>',
'<sup>$1</sup>',
'<img src="$1" />',
'<a href="$1">$1</a>',
'<a href="$1">$2</a>',
'<font size="$1">$2</font>',
'<a style=\'color:$1;\'>$2</a>',
'<center>$1</center>',
'<div style="text-align:right;">$1</div>',
'<div style="text-align:left;">$1</div>',
'<div style="text-align:justify;">$1</div>',
'<iframe id="ytplayer" type="text/html" width="640" height="360"
src="https://www.youtube.com/embed/$1" frameborder="0" allowfullscreen>',
'<a style=\'font-family:$1;\'>$2</a>',
'<ul>$1</ul>',
'<ol>$1</ol>',
'<li>$1</li>',
'<code>$1</code>',
'<blockquote>$1</blockquote>',
'<hr />',
'<a href=\'mailto:$1\'>$2</a>',
'<div style=\'direction: rtl\'>$1</div>',
'<div style=\'direction: ltr\'>$1</div>',
'<table>$1</table>',
'<tr>$1</tr>',
'<td>$1</td>',
'<thead>$1</thead>',
'<tbody>$1</tbody>',
'<th>$1</th>',
'<caption>$1</caption>'
);
$bb = preg_replace ($search, $replace, $text);
return $bb;
}[/syntax]
- louiegiezer
- Posts: 57
- Joined: Fri Oct 21, 2011 11:31 am
- Contact:
Re: BBCode
how this thing should work if i try to test this code... no idea
Re: BBCode
Just call the function. [syntax=php]<?php echo bbcode($your_text); ?>[/syntax]
You can edit all the replacements in there by just editing the corresponding lines in both arrays. The extra slashes are just to make the preg_replace work. It's like any other bbcode with it seems a bit extra.
There is one XSS vulnerability I did notice with using [url] and that is you can use [url=javascript:alert(String.fromCharCode(88, 83, 83));] (Just as an example) so you have to watch out for that.
You can edit all the replacements in there by just editing the corresponding lines in both arrays. The extra slashes are just to make the preg_replace work. It's like any other bbcode with it seems a bit extra.
There is one XSS vulnerability I did notice with using [url] and that is you can use [url=javascript:alert(String.fromCharCode(88, 83, 83));] (Just as an example) so you have to watch out for that.
<?php while(!$succeed = try()); ?>
- louiegiezer
- Posts: 57
- Joined: Fri Oct 21, 2011 11:31 am
- Contact:
Re: BBCode
i want to know how the trix.. just like the bbcode here... its automatically insert the tags on the text... if i know there's a java on it...
Re: BBCode
This is a very basic method. It will not wrap around highlighted text. Replace [\b][\/b] with whatever you want your bbcode to display
[syntax=xhtml]<a href="#" onclick="document.getElementById('your_textarea_id').value += '[\b][\/b]'">Bold</a>[/syntax]
[syntax=xhtml]<a href="#" onclick="document.getElementById('your_textarea_id').value += '[\b][\/b]'">Bold</a>[/syntax]
<?php while(!$succeed = try()); ?>
Re: BBCode
ScTech wrote:This is a very basic method. It will not wrap around highlighted text. Replace [\b][\/b] with whatever you want your bbcode to display
[syntax=xhtml]<a href="#" onclick="document.getElementById('your_textarea_id').value += '[\b][\/b]'">Bold</a>[/syntax]
Instead of using the hashtag (#), you should change the href to "javascript:void(0);" (minus quotes). This will hopefully stop the page from auto-scrolling to the top of the page, and keep that annoying hashtag out of the address bar.
You could also even use that "e.PreventDefault" thing, but I don't really know much about it.
Re: BBCode
Helx wrote:ScTech wrote:This is a very basic method. It will not wrap around highlighted text. Replace [\b][\/b] with whatever you want your bbcode to display
[syntax=xhtml]<a href="#" onclick="document.getElementById('your_textarea_id').value += '[\b][\/b]'">Bold</a>[/syntax]
Instead of using the hashtag (#), you should change the href to "javascript:void(0);" (minus quotes). This will hopefully stop the page from auto-scrolling to the top of the page, and keep that annoying hashtag out of the address bar.
You could also even use that "e.PreventDefault" thing, but I don't really know much about it.
I tried to enter javascript:void(0) but the syntax highlighter kept removing it. Sorry I forgot to explain that. Thanks for catching that The event.preventDefault(); method requires the JQuery library.
<?php while(!$succeed = try()); ?>