Allow users to post "Safe" HTML

Submitted on: 1/5/2015 2:56:00 PM
By: Lewis E. Moten III (from psc cd)  
Level: Advanced
User Rating: By 2 Users
Compatibility: ASP (Active Server Pages)
Views: 1502
 
     This code pulls out all the nasty tags that a user shouldn't use when posting content. It also pulls out any JavaScript events assigned to any tags. A must-have if you allow people to post HTML on your site.
 
'**************************************
' for :Allow users to post "Safe" HTML
'**************************************
(c)Copyright 2001 Lewis Edward Moten III, All rights reserved.
code:
'**************************************
' Name: Allow users to post "Safe" HTML
' Description: This code pulls out all the nasty tags that a user shouldn't use when posting content. It also pulls out any JavaScript events assigned to any tags. A must-have if you allow people to post HTML on your site.
' By: Lewis E. Moten III (from psc cd)
'**************************************

Function SafeHTML(ByVal pStrHTML)
	
	Dim lObjRegExp
	If VarType(pStrHTML) = vbNull Then Exit Function
	If pStrHTML = "" Then Exit Function
	Set lObjRegExp = New RegExp
	lObjRegExp.Global = True
	lObjRegExp.IgnoreCase = True
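	' Escape dangerous tags so they are displayed as text instead of being
	' interpreted. The tag names are grouped so that "<" and ">" apply to
	' every alternative, and $2 keeps the original tag name.
	lObjRegExp.Pattern = "<(/)?(SCRIPT|META|STYLE)([^>]*)>"
	pStrHTML = lObjRegExp.Replace(pStrHTML, "&lt;$1$2$3&gt;")
	lObjRegExp.Pattern = "<(/)?(LINK|IFRAME|FRAMESET|FRAME|APPLET|OBJECT)([^>]*)>"
	pStrHTML = lObjRegExp.Replace(pStrHTML, "&lt;$1$2$3&gt;")
	' Replace the body of double-quoted javascript: URLs in A and IMG tags.
	' "javascript://protected" is only a script comment, so it does nothing.
	lObjRegExp.Pattern = "(<A[^>]+href\s*=\s*""?javascript:)[^""]*(""[^>]*>)"
	pStrHTML = lObjRegExp.Replace(pStrHTML, "$1//protected$2")
	lObjRegExp.Pattern = "(<IMG[^>]+src\s*=\s*""?javascript:)[^""]*(""[^>]*>)"
	pStrHTML = lObjRegExp.Replace(pStrHTML, "$1//protected$2")
	' Strip event-handler attributes (onclick, onload, ...). Each pass removes
	' one handler per tag, so repeat until no tag has one left.
	lObjRegExp.Pattern = "(<[^>]*?)\son[^=\s>]+\s*=\s*(""[^""]*""|'[^']*'|[^\s>]*)"
	Do While lObjRegExp.Test(pStrHTML)
		pStrHTML = lObjRegExp.Replace(pStrHTML, "$1")
	Loop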
	Set lObjRegExp = Nothing
	
	SafeHTML = pStrHTML
	
End Function
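
An added example, not part of the original submission: in a pattern such as `<(/)?SCRIPT|META|STYLE([^>]*)>` the alternation is not grouped, so the bare word META matches anywhere in the text, and a single greedy replace removes only one event handler per tag. The JavaScript below compares the ungrouped and grouped tag patterns and strips handlers in a loop; it assumes JavaScript's RegExp syntax behaves like VBScript's RegExp for these patterns, and all function names and sample strings are constructed.

```javascript
// Added illustration in JavaScript; assumes its RegExp syntax behaves like
// VBScript's RegExp for these patterns. Names and sample inputs are constructed.

// Ungrouped: parsed as  <(/)?SCRIPT  |  META  |  STYLE([^>]*)>
const UNGROUPED = /<(\/)?SCRIPT|META|STYLE([^>]*)>/gi;
// Grouped: the tag name is one set of alternatives between "<" and the attributes.
const GROUPED = /<(\/)?(SCRIPT|META|STYLE)([^>]*)>/gi;

// Escape whole matched tags so the browser renders them as text.
function escapeTags(html, pattern) {
  return html.replace(pattern, (m) => m.replace(/</g, "&lt;").replace(/>/g, "&gt;"));
}

// Return every substring a pattern matches, for inspection.
function matches(html, pattern) {
  return Array.from(html.matchAll(pattern), (m) => m[0]);
}

// Remove on* attributes one at a time until none remain inside any tag.
function stripHandlers(html) {
  const handler = /(<[^>]*?)\son[^=\s>]+\s*=\s*("[^"]*"|'[^']*'|[^\s>]*)/gi;
  let prev;
  do {
    prev = html;
    html = html.replace(handler, "$1");
  } while (html !== prev);
  return html;
}

// Constructed sample: the word "Metadata" in text plus a real <meta> tag.
const sample = 'Metadata: <meta http-equiv="refresh" content="0"><b>hi</b>';
console.log(matches(sample, UNGROUPED)); // fragments, not whole tags
console.log(matches(sample, GROUPED));   // the complete <meta ...> tag only
console.log(escapeTags(sample, GROUPED));
console.log(stripHandlers('<img src="a.png" onload="x()" onerror="y()" alt="pic">'));
```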

