Removing or Disabling HTML Tags in Form Input


Frank
08-13-2004, 10:20 PM
When working with forms, I've often had the need to remove HTML tags from a user's input.

Stripping HTML Tags
By Abd Shomad
http://www.4guysfromrolla.com/webtech/100199-1.shtml

While a quick net search will probably reveal many more complicated functions to do this, the same thing can be achieved much more quickly and efficiently using Regular Expressions:

Stripping HTML Tags using Regular Expressions
By Scott Mitchell
http://www.4guysfromrolla.com/webtech/042501-1.shtml

While those functions are quite handy, I've found that sometimes it is necessary to allow users to type HTML tags in the form, and have those tags actually display as plain text and not be removed or actually processed as HTML output. For example, if a user typed <B>This is the BOLD text tag</B>, the user would see the entire line on an output page, tags and all, and not just a line of text in BOLD typeface. For that, I use the REPLACE function in ASP to replace the greater-than and less-than symbols (> and <) as well as the ampersand (&) symbol to their HTML equivalents. When the text is displayed on a web page, the tags will not be processed, but will display on the page as normal text:

<%
'Replace the three characters that HTML treats specially so that any tags
'the user typed are shown as literal text instead of being rendered.
'The ampersand must be replaced first; otherwise the "&" in "&lt;" and
'"&gt;" would be encoded a second time.
Function DisableTags(strUserInput)
    Dim strNewString
    strNewString = Replace(strUserInput, "&", "&amp;")
    strNewString = Replace(strNewString, "<", "&lt;")
    strNewString = Replace(strNewString, ">", "&gt;")

    DisableTags = strNewString
End Function
%>

This is very basic code, but is useful for those who may wish to allow users to type HTML into a form, but do not wish for those tags to be processed when displaying on a webpage.

Using the concept above, whenever I create an ASP application that at some point gathers input from the user, I always run the input through the following function:

<%
'This function will replace all instances of the < and > and & symbols with
'their HTML equivalents.
'This will have the effect of disabling any HTML tags the user may type.
'This function will also replace the apostrophe and quotation mark symbols with
'database-friendly equivalents

Function ProcessInput(strUserInput)
    Dim strNewString
    'Ampersand first, so the entities added below are not re-encoded
    strNewString = Replace(strUserInput, "&", "&amp;")
    strNewString = Replace(strNewString, "<", "&lt;")
    strNewString = Replace(strNewString, ">", "&gt;")
    'Apostrophe becomes a single backtick
    strNewString = Replace(strNewString, "'", "`")
    'Chr(34) is the double quotation mark; it becomes two backticks
    strNewString = Replace(strNewString, Chr(34), "``")

    ProcessInput = strNewString
End Function
%>
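The encoding idea behind both DisableTags and ProcessInput, written as an added JavaScript example rather than the post's own ASP code. It assumes two additions not in the original: the two quote characters are encoded as HTML entities as well (so the output is also safe inside an attribute value), and a deliberately mis-ordered variant is included to show why the "&" replacement has to come first.

```javascript
// Added example, not the post's ASP code. Same "disable tags" technique:
// replace HTML-significant characters with their entity equivalents.
// Assumption beyond the post: the quote characters are encoded too.
const HTML_ESCAPES = [
  ["&", "&amp;"],  // must come first, or the entities below get re-encoded
  ["<", "&lt;"],
  [">", "&gt;"],
  ['"', "&quot;"],
  ["'", "&#39;"],
];

// Encode user input so any tags it contains display as literal text.
function disableTags(userInput) {
  let out = String(userInput);
  for (const [ch, entity] of HTML_ESCAPES) {
    out = out.split(ch).join(entity); // replace every occurrence, like VBScript Replace
  }
  return out;
}

// Same replacements but with "&" handled last: demonstrates the double
// encoding ("&amp;lt;") that the ordering in the post avoids.
function disableTagsWrongOrder(userInput) {
  let out = String(userInput);
  for (const [ch, entity] of [...HTML_ESCAPES.slice(1), HTML_ESCAPES[0]]) {
    out = out.split(ch).join(entity);
  }
  return out;
}

// Minimal decoder for the five entities above, used to check the round trip.
// Entities are restored in reverse order so "&amp;" is handled last.
function restoreTags(encoded) {
  let out = String(encoded);
  for (const [ch, entity] of [...HTML_ESCAPES].reverse()) {
    out = out.split(entity).join(ch);
  }
  return out;
}

// Constructed sample input, taken from the post's own example line.
const SAMPLE = "<B>This is the BOLD text tag</B>";
console.log(disableTags(SAMPLE));
```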