Re: [PHP] Re: stripping html tags
On Mon, June 6, 2005 1:05 am, Dotan Cohen said: > I am trying to access my local pop3 mail via wap. When I get home I > download the messages, but while away I need access to them. I am > trying to strip those tags from html mails so that they will display > in my wap browser. So, on your current path, you are going to assume that nobody will send you malicious email, targetted at your particular phone/wap model/device, and only strip out the tags you think are messing with display... Chris is suggesting that that's Bad Security, and he's right. Viruses for wap devices are being developed at break-neck speeds. Personally, I'd just call strip_tags() and not let ANY tags through, if I wanted to try to read email through my phone in the first place... Do you really need those fancy layouts and big images chewing up your cell phone bandwidth/charges?... Still, if you insist on ripping out only the 4 tags, preg shouldn't be THAT hard... The very first example on: http://us4.php.net/preg_replace shows how to rip out the
Re: [PHP] Re: stripping html tags
On 6/6/05, Chris Shiflett <[EMAIL PROTECTED]> wrote: > Dotan Cohen wrote: > > IF you know every single tag that exists! And being how I only wanted > > to remove four of them, the list of 'what to remove' is so much more > > compact than the 'leave those' list! > > For what purpose are you wanting to remove tags? If this is for data > that you plan to send to the client, then your approach is poor. > > Your reasoning is exactly why you should never try to guess which tags > to remove - you're almost certain to forget something. This is why so > many people create PHP applications with security vulnerabilities. > > If I've misunderstood your intent, then perhaps your approach is fine, > but I wanted to point out the risk in your approach. > > Chris > > P.S. You should never modify invalid data in order to make it valid. > Thus, I think strip_tags() is also a poor approach and not something I > ever recommend using. Filtering input and escaping output are the best > practices. > > -- > Chris Shiflett > Brain Bulb, The PHP Consultancy > http://brainbulb.com/ > I am trying to access my local pop3 mail via wap. When I get home I download the messages, but while away I need access to them. I am trying to strip those tags from html mails so that they will display in my wap browser. Dotan http://lyricslist.com/lyrics/pages/artist_albums.php/238/Guns%20N'%20Roses Guns N' Roses Lyrics -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: stripping html tags
Dotan Cohen wrote: IF you know every single tag that exists! And being how I only wanted to remove four of them, the list of 'what to remove' is so much more compact than the 'leave those' list! For what purpose are you wanting to remove tags? If this is for data that you plan to send to the client, then your approach is poor. Your reasoning is exactly why you should never try to guess which tags to remove - you're almost certain to forget something. This is why so many people create PHP applications with security vulnerabilities. If I've misunderstood your intent, then perhaps your approach is fine, but I wanted to point out the risk in your approach. Chris P.S. You should never modify invalid data in order to make it valid. Thus, I think strip_tags() is also a poor approach and not something I ever recommend using. Filtering input and escaping output are the best practices. -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: stripping html tags
On 6/6/05, Brian V Bonini <[EMAIL PROTECTED]> wrote: > On Sun, 2005-06-05 at 18:13, Dotan Cohen wrote: > > On 6/6/05, Brian V Bonini <[EMAIL PROTECTED]> wrote: > > > On Sun, 2005-06-05 at 16:05, Dotan Cohen wrote: > > > > > > > I don't want to strip out all the tags, just certain ones. But the > > > > problem turned out not to be in this peice of code- the script simply > > > > wasn't parsing. I started another thread with that problem after > > > > failing to fix it on my own. > > > > > > > > > The prototype says you cam specify exceptions to the function. > > > I was looking to remove certain tags, not leave certain tags, as does > > strip_tags(). But thank you, I do appreciate the input. > > It's the same thing... Just think of it terms of what you don't want to > remove rather then what you do want to remove. The result is the same. > > > -- > > s/:-[(/]/:-)/g > > > BrianGnuPG -> KeyID: 0x04A4F0DC | Key Server: pgp.mit.edu > == > gpg --keyserver pgp.mit.edu --recv-keys 04A4F0DC > Key Info: http://gfx-design.com/keys > Linux Registered User #339825 at http://counter.li.org > > IF you know every single tag that exists! And being how I only wanted to remove four of them, the list of 'what to remove' is so much more compact than the 'leave those' list! Dotan http://lyricslist.com/lyrics/pages/artist_albums.php/11/A-Ha A Ha Lyrics -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: stripping html tags
On Sun, 2005-06-05 at 18:13, Dotan Cohen wrote: > On 6/6/05, Brian V Bonini <[EMAIL PROTECTED]> wrote: > > On Sun, 2005-06-05 at 16:05, Dotan Cohen wrote: > > > > > I don't want to strip out all the tags, just certain ones. But the > > > problem turned out not to be in this peice of code- the script simply > > > wasn't parsing. I started another thread with that problem after > > > failing to fix it on my own. > > > > > > The prototype says you cam specify exceptions to the function. > I was looking to remove certain tags, not leave certain tags, as does > strip_tags(). But thank you, I do appreciate the input. It's the same thing... Just think of it terms of what you don't want to remove rather then what you do want to remove. The result is the same. -- s/:-[(/]/:-)/g BrianGnuPG -> KeyID: 0x04A4F0DC | Key Server: pgp.mit.edu == gpg --keyserver pgp.mit.edu --recv-keys 04A4F0DC Key Info: http://gfx-design.com/keys Linux Registered User #339825 at http://counter.li.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: stripping html tags
On 6/6/05, Brian V Bonini <[EMAIL PROTECTED]> wrote: > On Sun, 2005-06-05 at 16:05, Dotan Cohen wrote: > > > I don't want to strip out all the tags, just certain ones. But the > > problem turned out not to be in this peice of code- the script simply > > wasn't parsing. I started another thread with that problem after > > failing to fix it on my own. > > > The prototype says you cam specify exceptions to the function. > -- > > s/:-[(/]/:-)/g > > > BrianGnuPG -> KeyID: 0x04A4F0DC | Key Server: pgp.mit.edu > == > gpg --keyserver pgp.mit.edu --recv-keys 04A4F0DC > Key Info: http://gfx-design.com/keys > Linux Registered User #339825 at http://counter.li.org > > I was looking to remove certain tags, not leave certain tags, as does strip_tags(). But thank you, I do appreciate the input. http://lyricslist.com/lyrics/pages/artist_albums.php/425/Red%20Hot%20Chili%20Peppers Red Hot Chili Peppers Lyrics -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: stripping html tags
On Sun, 2005-06-05 at 16:05, Dotan Cohen wrote: > I don't want to strip out all the tags, just certain ones. But the > problem turned out not to be in this peice of code- the script simply > wasn't parsing. I started another thread with that problem after > failing to fix it on my own. The prototype says you cam specify exceptions to the function. -- s/:-[(/]/:-)/g BrianGnuPG -> KeyID: 0x04A4F0DC | Key Server: pgp.mit.edu == gpg --keyserver pgp.mit.edu --recv-keys 04A4F0DC Key Info: http://gfx-design.com/keys Linux Registered User #339825 at http://counter.li.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: stripping html tags
On 6/5/05, Dotan Cohen <[EMAIL PROTECTED]> wrote: > I don't want to strip out all the tags, just certain ones. You can use strip_tags() and tell it not to strip certain tags if you want, that feature has been available since PHP 3. -- Rogue Tory http://www.roguetory.org.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: stripping html tags
On 6/5/05, Matthew Weier O'Phinney <[EMAIL PROTECTED]> wrote: > * Dotan Cohen <[EMAIL PROTECTED]>: > > I took this example from php.net, but can't figure out where I went > > wrong. Why does this: > > $text = preg_replace("/(.|\s)*?<\/head>/i" , "" , $text); > > > > throw this error: > > syntax error at line 265, column 39: > > $text = preg_replace("/(.|\s)*?<\/head>/i" , "" > > , $text); > > ==^ > > > > It seems to be pointing to the 'e' is 'head'. Why? Thanks. > > Why are you using regexes instead of strip_tags()? > > -- > Matthew Weier O'Phinney | WEBSITES: > Webmaster and IT Specialist | http://www.garden.org > National Gardening Association| http://www.kidsgardening.com > 802-863-5251 x156 | http://nationalgardenmonth.org > mailto:[EMAIL PROTECTED] | http://vermontbotanical.org > I don't want to strip out all the tags, just certain ones. But the problem turned out not to be in this peice of code- the script simply wasn't parsing. I started another thread with that problem after failing to fix it on my own. Dotan http://lyricslist.com/lyrics/pages/artist_albums.php/19/Adams%2C%20Bryan Bryan Adams Lyrics -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: stripping html tags
* Dotan Cohen <[EMAIL PROTECTED]>: > I took this example from php.net, but can't figure out where I went > wrong. Why does this: > $text = preg_replace("/(.|\s)*?<\/head>/i" , "" , $text); > > throw this error: > syntax error at line 265, column 39: > $text = preg_replace("/(.|\s)*?<\/head>/i" , "" , > $text); > ==^ > > It seems to be pointing to the 'e' is 'head'. Why? Thanks. Why are you using regexes instead of strip_tags()? -- Matthew Weier O'Phinney | WEBSITES: Webmaster and IT Specialist | http://www.garden.org National Gardening Association| http://www.kidsgardening.com 802-863-5251 x156 | http://nationalgardenmonth.org mailto:[EMAIL PROTECTED] | http://vermontbotanical.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php