July 30th, 2004, 09:35 PM
Hey, I just created an update form for my site, so I can make a post and have it update on my front page. Right now I use Blogger, but I wrote my own so I wouldn't have to depend on them anymore.
A couple questions...
Why do forums like this use BB code? Is there something I am missing out on? Is it some kind of security measure to prevent malicious DHTML?
July 31st, 2004, 12:17 AM
Soda - BBcode is the easy way to protect a website against malicious HTML. Especially if the general public gets to post stuff. All < > and stuff is escaped out, and only stuff in  is looked at for BBcode. Without it, I could try to craft a link that posts the user's session ID to my own server, or even code something that uses their AP status to neg the hell out of somebody. If you can't escape it because you are allowing HTML, there can be problems. There was huge concern a while back when the AP system was first made because it used to be possible to create a username that "broke" the AP system. If you go through our Addicts Forum you'll find mention of it somewhere. That was because not everything was escaped out somewhere. With BBcode, you can escape everything without breaking things like bolding text, etc.
function addtag(starting, closing, target) {
    // Ask the user for the text to wrap, then append it between the tag pair.
    target.value += starting + prompt("What would you like to " + starting + closing + "?") + closing;
}
July 31st, 2004, 10:52 PM
The other reason is that if you store formatting as HTML then you only get HTML out. With BBCode or some other formatting tag system, you can make a translator that outputs it as HTML, or PDF, or whatever else with little difficulty.
The other thing is purely an HTML thing. Ever write an entire page of HTML and forget a closing tag? The results are usually quite unexpected depending on the browser's rendering engine. With BBCode, if the BBCode to HTML converter is written carefully, it will ignore these mistakes and not convert them. So [quote] isn't a quote unless it's got its ending tag, whereas a <DIV> would just be what it is.
If you want to look at a BBCode to HTML converter's REGEX (Perl compatible at that), the PHP templating engine Smarty has a plugin called bbcode2html which I use because I haven't taken the time to make my own converter yet. If you are doing it in PHP I'd go for the preg_replace() methods just because of their speed...
The owl of Minerva spreads its wings only with the falling of dusk. -Hegel
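The two points made in the replies above (escape everything first, and convert a tag only when its closing tag is present) can be seen together in a small converter. This is an added example, not code from the thread or from Smarty's bbcode2html plugin; the tag whitelist, the function names and the sample post are assumptions made for illustration, and it uses a tag stack rather than the preg_replace() approach mentioned above.

```javascript
// Added example: escape-first BBCode converter. The tag whitelist and the
// function names are assumptions for illustration, not from the thread.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const TAGS = { b: "strong", i: "em", quote: "blockquote" };

function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function bbcodeToHtml(input) {
  // Step 1: escape the whole post, so no user-supplied markup survives.
  const safe = escapeHtml(input);
  const out = [];   // output pieces, joined at the end
  const open = [];  // stack of unmatched opening tags: { name, index into out }
  const token = /\[(\/?)(b|i|quote)\]/gi;
  let last = 0;
  let m;
  while ((m = token.exec(safe)) !== null) {
    out.push(safe.slice(last, m.index));
    last = token.lastIndex;
    const name = m[2].toLowerCase();
    if (m[1] === "") {
      // Opening tag: keep it as literal text until its closer shows up.
      open.push({ name, index: out.length });
      out.push(m[0]);
      continue;
    }
    // Closing tag: find the nearest unmatched opener of the same name.
    let pos = open.length - 1;
    while (pos >= 0 && open[pos].name !== name) pos--;
    if (pos < 0) {
      out.push(m[0]); // stray closer stays literal text
      continue;
    }
    // Step 2: convert the matched pair. Openers nested inside it that never
    // closed are dropped from the stack and remain literal text.
    out[open[pos].index] = `<${TAGS[name]}>`;
    out.push(`</${TAGS[name]}>`);
    open.length = pos;
  }
  out.push(safe.slice(last));
  return out.join("");
}

// Constructed sample post: raw HTML plus an unclosed [quote].
const samplePost = "[b]hi[/b] <script>alert(1)</script> [quote]never closed";
console.log(bbcodeToHtml(samplePost));
```

Because the only HTML in the output comes from the fixed whitelist, the result is well nested even when the BBCode is not.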