html user input on forms


alikx
07-24-2008, 07:44 AM
OK, so I want to allow users to insert HTML into a text area in a form that will later be displayed.

Here is my PHP:

$asdf = strip_tags($_POST['asdf'], '<a><br><b><u><i><table><tr><td></td></tr><img><font><center><div>');


So the issue is that the user might forget to close a table or center tag, causing the formatting of the rest of my page to be at risk. Is there any way to make the returned code independent so it will not affect the rest of the page?

Could you insert this code into an iframe or div somehow to prevent this?

rmedek
07-24-2008, 09:29 AM
An iframe might prevent things; a div, no.

Is it possible to have the user enter text only and not HTML (and have your PHP dynamically insert the HTML as needed)?

alikx
07-24-2008, 05:00 PM
Hmmm, adding an iframe is going to be A LOT of work. It's also going to be an issue that iframe heights cannot be auto, but have to be fixed.

Any other solutions anyone knows of?

brazenskies
07-24-2008, 05:02 PM
Why don't you include some validation/error checking and add/remove any HTML elements that should or shouldn't be in there?

ohgod
07-24-2008, 05:02 PM
I guess in theory you could use a WYSIWYG editor on that text area. It would reduce the odds of them screwing up your page with errant HTML, but personally I think it's a pretty bad idea.

alikx
07-24-2008, 05:33 PM
Well, I'm just thinking about sites like MySpace where you can butcher the code and the rest of the page will stay intact.
There is no way I will be able to check all the code and validate it. That script would be very difficult.
I'm just wondering if there is a way to isolate it or keep it from affecting the rest of the page.

alikx
07-24-2008, 05:36 PM
OK, well how about this. On this forum, any time we type a message like I am typing now, we have all the font style and formatting options above us. I could try using something like this, but I am looking for one with more customization.

Does anyone know what these are called so I can find one on Hot Scripts someone has already built?

rmedek
07-24-2008, 05:39 PM
Well, I'm just thinking about sites like MySpace where you can butcher the code and the rest of the page will stay intact.

I'm fairly certain that it's totally possible to muck up a myspace page with broken HTML. It's probably hard to notice because most myspace pages look mucked up to begin with.

You could maybe incorporate BBCode, or Textile, or Markdown…combine that with a filter that strips out manual HTML tags.(?)

alikx
07-24-2008, 05:46 PM
I'm fairly certain that it's totally possible to muck up a myspace page with broken HTML. It's probably hard to notice because most myspace pages look mucked up to begin with.


Wow, I didn't know that. Hmmmm.

I will look into BBCode.
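
The BBCode-plus-filter approach rmedek suggests, as an added example that is not code from the thread: all raw HTML is escaped, only markup the server generates reaches the page, and tags the user forgot to close are closed automatically. This matters because strip_tags() neither balances tags nor removes attributes from the tags it allows. The function name render_bbcode(), the tag set and the sample input are assumptions made for this sketch.

```php
<?php
// Added sketch: escape everything the user typed, then translate a small
// BBCode whitelist into HTML that is always balanced.
function render_bbcode(string $input): string
{
    // Whitelist (an assumption for this example): BBCode name => [open, close]
    $map = [
        'b'      => ['<b>', '</b>'],
        'i'      => ['<i>', '</i>'],
        'u'      => ['<u>', '</u>'],
        'center' => ['<div style="text-align:center">', '</div>'],
    ];
    // 1. Neutralise anything that could start raw HTML.
    $text = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // 2. Split into text and [tag] / [/tag] tokens, keeping the tokens.
    $parts = preg_split('~(\[/?[a-z]+\])~i', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
    $open = [];   // stack of tag names currently open
    $out  = '';
    foreach ($parts as $part) {
        $isTag = preg_match('~^\[(/?)([a-z]+)\]$~i', $part, $m);
        if (!$isTag || !isset($map[strtolower($m[2])])) {
            $out .= nl2br($part);      // plain text or unknown tag: shown literally
            continue;
        }
        $name = strtolower($m[2]);
        if ($m[1] === '') {            // opening tag
            $open[] = $name;
            $out   .= $map[$name][0];
        } elseif (in_array($name, $open, true)) {
            // Closing tag: first close any inner tags still open.
            do {
                $top  = array_pop($open);
                $out .= $map[$top][1];
            } while ($top !== $name);
        }
        // A closing tag with no matching opener is dropped.
    }
    // 3. Close whatever the user forgot to close.
    while ($open) {
        $out .= $map[array_pop($open)][1];
    }
    return $out;
}

// Constructed sample: raw HTML, unclosed [center] and [b], stray [/i].
echo render_bbcode("[center][b]Hello <table><tr><td>\nworld[/i]"), "\n";
```

The sample prints the `<table><tr><td>` text as escaped characters inside a closed `<div>` and `<b>`, so the markup after the user's content is unaffected.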