1

Topic: Disallow HTML in posts

I guess I'm lost.  Is there a way to disable HTML completely in posts?

We'll we using Zaher's nifty Code Beautifier, so all we wish to allow is BB code only.

Am I missing something?

TIA :>)

Re: Disallow HTML in posts

HTML isn't allowed at all in PunBB. I don't understand.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

3

Re: Disallow HTML in posts

sorry Rickard, <sheepish grin>

I need to go to sleep. :>)

I was using a script to post some stuff on our board - and indeed it uses bbcode, NOT html -- which I had originally thought.  That triggered my question.  Never mind! :>)

Re: Disallow HTML in posts

i'm sure there's a discussion on here about why html is not allowed... could someone please point me to that?  and also (especially) how to enable html in punbb?  that would be real swell smile

thank you!

Re: Disallow HTML in posts

alicson wrote:

i'm sure there's a discussion on here about why html is not allowed... could someone please point me to that?  and also (especially) how to enable html in punbb?  that would be real swell smile

thank you!

Safety, safety, safety...
People could use HTML to embed scripts, images, and applets to get private information from users - or even worse things.

Re: Disallow HTML in posts

thoroughly reasonable.  couldn't we have a set of allowed tags?  such as <code> and <strike> and other familiar friends of the sort?

Re: Disallow HTML in posts

PunBB BBCode provides the [ code ]-tag which is the equivalent of <code>.

8

Re: Disallow HTML in posts

Someone should make a mod that adds a [ strike ] tag.

9

Re: Disallow HTML in posts

KTottE wrote:

PunBB BBCode provides the [ code ]-tag which is the equivalent of <code>.

No, it's the equivelant of the <pre> tag which is block level. The <code> tag is inline.

Re: Disallow HTML in posts

graue wrote:

Someone should make a mod that adds a [ strike ] tag.

You don't need to make a full-fledged mod, just modify /include/parser.php.

In the part of the file where it parses the BBCode and converts it to HTML (starting around line 296) add

'#\[strike\](.*?)\[/strike\]#s'

to the BBCode array to be parsed and add

'<s>$1</s>'

to the array of HTML equivalents.

And there's your set of strikeout tags.

Adding the strikeout function was the first modification I ever made to a punBB file. smile

11

Re: Disallow HTML in posts

The <strike> and <s> tags are not valid XHTML Strict or even HTML Strict. You should use <span class="strike"> and then set text-decoration on the <span> in the stylesheet.

12

Re: Disallow HTML in posts

You also need to modify help.php so that it mentions the possibility of using [ strike ].

13

Re: Disallow HTML in posts

Paul wrote:
KTottE wrote:

PunBB BBCode provides the [ code ]-tag which is the equivalent of <code>.

No, it's the equivelant of the <pre> tag which is block level. The <code> tag is inline.

My bad.

Re: Disallow HTML in posts

Paul wrote:

The <strike> and <s> tags are not valid XHTML Strict or even HTML Strict. You should use <span class="strike"> and then set text-decoration on the <span> in the stylesheet.

man, what was wrong with 'strike' that it had to be stricken from validity??  *sigh*  these crazy newfangled ideas...

15

Re: Disallow HTML in posts

<del> is perfectly valid XHTML and serves the same function (ie, it allows strike-through text to be displayed). Its default CSS behaviour is text-decoration:strike-through, though that can obviously be changed via CSS. Hope that helps.

Re: Disallow HTML in posts

Mart wrote:

<del> is perfectly valid XHTML and serves the same function (ie, it allows strike-through text to be displayed). Its default CSS behaviour is text-decoration:strike-through, though that can obviously be changed via CSS. Hope that helps.

oh smile i can live with that. thank you.

17

Re: Disallow HTML in posts

<strike> was stricken (very punny of you, alicson) for the same reason that you should not use <b> and <i> anymore. It doesn't create semantic markup. That is, markup should describe what the content is, not how the content should appear.

Re: Disallow HTML in posts

i'd completely forgotten about <del>.  'will certainly be using that now, thanks

Re: Disallow HTML in posts

alicson wrote:

i'd completely forgotten about <del>.  'will certainly be using that now, thanks

I didn't even know <del> even existed.

20

Re: Disallow HTML in posts

its' a stupid fashion to make all tags dummie-understandable.
<i> and <b> tags are perfect.
short tag names safe bandwidth and time to write them (not everyone is using dreamweaver or frontpage, some use notepad smile ).

Re: Disallow HTML in posts

lol saving bandwidth is not the most important thing

Re: Disallow HTML in posts

Just wondering if it is possible somehow to allow google video to be embedded in posts without compromising security

the code they give you looks like this:

<embed style="width:400px; height:326px;" id="VideoPlayback" type="application/x-shockwave-flash" src="http://video.google.com/googleplayer.swf?docId=-8502085668185099812&hl=en"> </embed>