insideorkut.com

Is there a Real FREE iContact autoresponder that I can download?

First question I have is: Is there a Real FREE iContact autoresponder that I can download? Thanks in advance for any answer or 2. 2nd question I got is: Is there a way to end all html tags in one single end tag? Here is the problem I am facing:

My iContact website is backed by PHP. Users can enter in text in various places and some tags of HTML are allowed, such as bold, italics, strikes, and other harmless formatting things. The problem is, what if a user (intentionally or not) doesn't put end tags to close off the formatting? Then all other user messages would be formatted incorrectly. Is there a way after each message to cap off all their tags?

Comments (13)

Of course! Although you might want to make sure and wait for someone else here to confirm it as I am unsure of myself. Better yet, why don't you email the iContact guys because they can give you an answer better.

Comment #1

Avoid the problem, do not allow HTML tags, instead substitute your own tags, just like this forum does, for example:

[color=red]

Your PHP script turns that into html code when the page is displayed.

Comment #2

Yes Kevin, but that could still cause a problem if they do not close them...

Comment #3

Obviously the opening and closing tag will have to be present for the code to work otherwise the PHP script should be "smart" enough to not turn the code into html tags.

Maybe I should have said that previously but some things seem obvious to me and I'd rather assume other people are smart enough to ask more questions or figure it out for themselves.

Comment #4

Upon further investigation of sites that successfully do this (and allow html by users) their server side script does all the work. Sorry for asking this in an html forum, my bad. Shouldn't have assumed there was an html tag for it.

Although there should be, that would be very convenient. This is going to be an annoying parser script.

Comment #5

I'm afraid I still do not see how using some form of bbcode would help the problem. If anything, it would make it more difficult.

From what I read in his first post, I gathered that he had figured out how to allow certain tags and not others.

Comment #6

Correct. The PHP function strip_tags is very awesome because it strips all html/php tags except for ones you specify.

Comment #7

What would happen if you added this to the <img> tag in one of your posts?

style="position:absolute; top:200px; left:50px;"

Comment #8

Heh, good call. Looks like there is a little more work to be done. Thanks.

The good news is I just wrote an exploit-proof way to end tags, although it's bulky.

Comment #9

I think it would be best to do what Kevin suggested, and make some kind of bbcode. Because there are other attributes you can add, some can be malicious ones using javascript.

You seem to have the knowledge to do this, and using a simple string replace function wouldn't be too difficult.

Comment #10

I think I will just go at the problem with a hatchet. Every occurrence of "<!" gets turned into "<" and every occurrence of "javascript" gets turned into "java script". Crude but it should work. Now to tackle the class / style problem. It's too bad because there are a lot of attributes I wouldn't mind allowing. Heck, I would prefer they stuck around.

Thanks for the help.

Comment #11

Oops, forgot. "Javascript" isn't necessary for javascript functions. Guess I have to put spaces in the commands themselves.

Comment #12

There's quite a lot of them too!

onmouseover, onmouseup, etc. It would be best and easiest to just create some bbcode.

Comment #13

In case you still want to keep the HTML tags and disable all JavaScript event attributes instead, here is a list of them. Those are, however, only the ones that the W3C accepts - there are some IE specific ones too: onAbort, onActivate, onAfterPrint, onAfterUpdate, onBeforeActivate, onBeforeCopy, onBeforeCut, onBeforeDeactivate, onBeforeEditFocus, onBeforePaste, onBeforePrint, onBeforeUnload, onBeforeUpdate, onBounce, onCellChange, onContextMenu, onControlSelect, onCopy, onCut, onDataAvailable, onDatasetChanged, onDatasetComplete, onDeactivate, onDrag, onDragEnd, onDragEnter, onDragLeave, onDragOver, onDragStart, onDrop, onError, onErrorUpdate, onFilterChange, onFinish, onFocusIn, onFocusOut, onHelp, onLayoutComplete, onLoseCapture, onMouseEnter, onMouseLeave, onMouseWheel, onMove, onMoveEnd, onMoveStart, onPaste, onPropertyChange, onReadyStateChange, onResizeEnd, onResizeStart, onRowEnter, onRowExit, onRowsDelete, onRowsInserted, onSelect, onSelectionChange, onSelectStart, onStart, and onStop.

So there would be lots of them to edit and that is one reason to use a BBCode instead. On the other hand, you could use a simple regex to disable all attributes that begin with "on"...

Comment #14
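
The BBCode approach suggested in the comments above, sketched in PHP as an added example that is not code from the thread: every character of user input is HTML-escaped, only whitelisted BBCode tags become HTML, and any tag the user leaves open is closed at the end of the message. The function name `render_bbcode()`, the `b`/`i`/`s` tag set and the colour list are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. render_bbcode() and both
// whitelists are assumptions chosen for illustration.
function render_bbcode(string $input): string
{
    $tags   = ['b' => 'strong', 'i' => 'em', 's' => 'del'];
    $colors = ['red', 'green', 'blue'];

    // Split into plain text and [tag] tokens; the tokens are kept in the result.
    $tokens = preg_split('~(\[/?[a-z]+(?:=[a-z]+)?\])~i', $input, -1,
        PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
    $open = [];  // stack of [bbcode name, HTML closing tag] still owed
    $out  = '';

    foreach ($tokens as $tok) {
        if (preg_match('~^\[(/?)([a-z]+)(?:=([a-z]+))?\]$~i', $tok, $m)) {
            $closing = $m[1] === '/';
            $name    = strtolower($m[2]);
            $arg     = strtolower($m[3] ?? '');

            if (!$closing && $arg === '' && isset($tags[$name])) {
                $out .= '<' . $tags[$name] . '>';
                $open[] = [$name, '</' . $tags[$name] . '>'];
                continue;
            }
            if (!$closing && $name === 'color' && in_array($arg, $colors, true)) {
                $out .= '<span style="color:' . $arg . '">';
                $open[] = [$name, '</span>'];
                continue;
            }
            // A closer counts only when it matches the innermost open tag.
            if ($closing && $arg === '' && $open && end($open)[0] === $name) {
                $out .= array_pop($open)[1];
                continue;
            }
        }
        // Text, unknown tags and stray closers are output literally, escaped,
        // so user-supplied HTML (tags, style=, on* handlers) never reaches the page.
        $out .= htmlspecialchars($tok, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    // Close whatever the user left open, innermost first.
    while ($open) {
        $out .= array_pop($open)[1];
    }
    return $out;
}

// Constructed sample inputs.
echo render_bbcode('[b]bold [i]both'), "\n";
echo render_bbcode('<img src=x style="top:0" onmouseover="x()"> [color=red]hi'), "\n";
```

Because the only HTML in the output is what the function itself emits, there is no attribute or event-handler list to maintain, and mis-nested closers such as `[b][i]x[/b]` are shown as literal text rather than producing unbalanced markup.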


This question was taken from a support group/message board and re-posted here so others can learn from it.