开发者

Checking link syntax of user input

问答 作者:

I have a site where users can enter comments and descriptions. I allow them to enter links in as well. I use strip_tags with an exception for links. I also add rel="nofollow" through a simple string_replace.

The problem is, if users leave off a double quote at the end of their opening tag, it messes up the html. Any suggestions on how to check for or fix incorrect link syntax?

$comment = $_POST开发者_StackOverflow中文版['comment'];

$comment = strip_tags($comment,"<a>");

$comment = str_replace('<a','<a rel="nofollow"',$comment);

$comment = mysql_real_escape_string($comment);

and when outputting

$comment = stripslashes($comment);

echo $comment;

The problem is when users add <a href="www.blah.com> and forget the last double quote, this messes up the way the comment div displays.

Here's what you have to do:

function fixLink($link) {
    $link = str_replace(array('<a', '"', '</a>'), '', $link);
    $link = str_replace(
        array('=', '>', ' '),
        array('="', '">', '" '),
        $link);
    return '<a rel="nofollow' . $link . '</a>';
}    

echo fixLink('<a href="/index.html>asd</a>') . "\n";
echo fixLink('<a class="awesome" href="/index.html>asd</a>') . "\n";
echo fixLink('<a href="/index.html class="awesome">asd</a>') . "\n";
echo fixLink('<a target="_blank" href="/index.html class="awesome">asd</a>') . "\n";
echo fixLink('<a target="_blank" href="/index.html class="awesome>asd</a>') . "\n";
echo fixLink('<a target="_blank" href="/index.html target="_blank" class="awesome">asd</a>') . "\n";
echo fixLink('<a href="/index.html class=awesome">asd</a>') . "\n";

That will output:

<a rel="nofollow" href="/index.html">asd</a>
<a rel="nofollow" class="awesome" href="/index.html">asd</a>
<a rel="nofollow" href="/index.html" class="awesome">asd</a>
<a rel="nofollow" target="_blank" href="/index.html" class="awesome">asd</a>
<a rel="nofollow" target="_blank" href="/index.html" class="awesome">asd</a>
<a rel="nofollow" target="_blank" href="/index.html" target="_blank" class="awesome">asd</a>
<a rel="nofollow" href="/index.html" class="awesome">asd</a>

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9