HTML tags in posts
CurtWRC
06-13-2006, 03:26 PM
I have a forum in which I use custom-made format tags for users to use, like vB codes. However, when users post they can also use HTML tags. Is there a way I can create it so that the tags will just appear as text? I don't want members to be able to add flash movies to their posts etc.; it could slow the page down.
Thanks.
otaku149
06-13-2006, 05:39 PM
Use Server.HtmlEncode:
Dim s As String = "<b>Hello CurtWRC</b>"
s = Server.HtmlEncode(s)
Response.Write(s)
The HTML result will be:
<b>Hello CurtWRC</b>
CurtWRC
06-14-2006, 12:17 AM
I don't fully understand how this will help me. Say for example I'm using a TextBox with an ID of 'PostMessage' would I replace your code with:
Dim s As String = PostMessage.Text
s = Server.HtmlEncode(s)
Response.Write(s)
Thanks.
EDIT: I just tried the above code and it made it so that the tags I made appear as HTML tags in posts, but when posting HTML tags an error appears.
otaku149
06-14-2006, 12:44 AM
Use it when you insert into your database (when users post a message), something like below:
INSERT INTO Forums (Messages) values('" & Server.HtmlEncode(PostMessage.Text) & "')
For security reasons you should always encode all db inserts and updates or anybody will have the possibility to execute malicious script in your application.
My above code is correct only if you are using MS-Access; if you are using SQL Server, you should always use stored procedures to prevent SQL Injection.
otaku149
06-14-2006, 03:24 AM
Here is an example of a friendly malicious script:
http://www.rallystuff.net/curt/forum.aspx?view=thread&boardid=1&id=67
CurtWRC
06-14-2006, 10:43 AM
The code has worked. It hasn't allowed me to use <b> or <a> tags, but the problem is I use replace functions so that when a user enters [ b ] it replaces it with <b>. I do the same with smileys etc.
http://www.rallystuff.net/curt/forum.aspx?view=thread&boardid=1&id=68
Message.Text = Replace(Message.Text, "[ b ]", "<b>")
(No spaces on the [ b ])
So this new code now makes the replaced tag appear. I only wanted manually entered tags to appear as text. Is there any way of doing this?
Thanks.
otaku149
06-14-2006, 06:44 PM
(No spaces on the [ b ])
Use Server.HtmlEncode when you insert the message in the db.
Do not replace [ b ] with <b> when you insert; perform that action only when you display the message.
If you want to use Server.HtmlEncode when you display the message, you must use Server.HtmlEncode before your replace of [ b ] and [ /b ], something like below:
Function displayMsg(ByVal msg As String) As String
    Dim strResult As String = msg
    ' Encode first, so HTML typed by the user is shown as text
    strResult = Server.HtmlEncode(strResult)
    ' Then turn the forum's own tags into markup
    strResult = strResult.Replace("[ b ]", "<b>")
    strResult = strResult.Replace("[ /b ]", "</b>")
    strResult = strResult.Replace("[:)]", "<img src='http://www.rallystuff.net/curt/Images/emo/happy.gif'>")
    Return strResult
End Function
If you experience problems, please post some code.
CurtWRC
06-14-2006, 08:30 PM
Thanks otaku149 :). That works great. Now I will be able to edit posts more easily as well now as they won't be displayed in HTML.
CurtWRC
06-15-2006, 04:20 PM
I have another similar question. I want to be able to create a VB code that can do this: (ignore spaces)
[url = http://.... ] Link Text [ / url ]
One way I know I could do this is by creating three separate replacements.
1. [url=
2. ]
3. [ / url ]
But by doing this I will have a replacement for ']'. This character may be used in posts so it wouldn't be very good replacing it every time. Is there another way I can do this?
Thanks.
otaku149
06-15-2006, 05:39 PM
Yes, my suggestion is to use a regular expression. Let's start with the function we previously used:
Function displayMsg(ByVal msg As String) As String
    Dim strResult As String = msg
    ' Encode first, so HTML typed by the user is shown as text
    strResult = Server.HtmlEncode(strResult)
    strResult = strResult.Replace("[ b ]", "<b>")
    strResult = strResult.Replace("[ /b ]", "</b>")
    strResult = strResult.Replace("[:)]", "<img src='http://www.rallystuff.net/curt/Images/emo/happy.gif'>")
    Return strResult
End Function
Now let's suppose you want to allow users to post an image, a link, a link with custom text and a link with an image:
(ignore spaces)
IMAGE:
[ img = http....image.gif ]
LINK:
[ url ] http.... [ /url ]
LINK WITH CUSTOM TEXT
[ url = http.... ]Personal Blog[ /url ]
LINK WITH IMAGE:
[ url = http.... ][ img = http....image.gif ][ /url ]
First you need to import System.Text.RegularExpressions in your code-behind like below:
Imports System.Text.RegularExpressions
Below are our 3 functions to display an image, a link and a link with custom text:
Function displayImg(ByVal img As String) As String
    Dim strResult As String = img
    ' $1 is the text captured between "[img=" and "]"
    Dim strPattern As String = "\[img=([^\]]+)\]"
    Dim strReplace As String = "<img src=""$1"" border=""0"" />"
    strResult = Regex.Replace(strResult, strPattern, strReplace, RegexOptions.IgnoreCase)
    Return strResult
End Function
Function displayUrl(ByVal url As String) As String
    Dim strResult As String = url
    ' $1 is the address, used both as the href and as the link text
    Dim strPattern As String = "\[url]([^\]]+)\[\/url\]"
    Dim strReplace As String = "<a href=""$1"" target=""_blank"">$1</a>"
    strResult = Regex.Replace(strResult, strPattern, strReplace, RegexOptions.IgnoreCase)
    Return strResult
End Function
Function displayUrlPlus(ByVal url As String) As String
    Dim strResult As String = url
    ' $1 is the address, $2 is the custom link text
    Dim strPattern As String = "\[url=([^\]]+)\]([^\]]+)\[\/url\]"
    Dim strReplace As String = "<a href=""$1"" target=""_blank"">$2</a>"
    strResult = Regex.Replace(strResult, strPattern, strReplace, RegexOptions.IgnoreCase)
    Return strResult
End Function
Then we will need to add these functions into our first function like this:
Function displayMsg(ByVal msg As String) As String
    Dim strResult As String = msg
    strResult = Server.HtmlEncode(strResult)
    strResult = strResult.Replace("[ b ]", "<b>")
    strResult = strResult.Replace("[ /b ]", "</b>")
    strResult = strResult.Replace("[:)]", "<img src='http://www.rallystuff.net/curt/Images/emo/happy.gif'>")
    ' displayImg runs before the url functions, so a link can wrap an image
    strResult = displayImg(strResult)
    strResult = displayUrl(strResult)
    strResult = displayUrlPlus(strResult)
    Return strResult
End Function
You can add more functions if you wish, maybe a mailto link and text color:
MAILTO LINK:
[ email = toto@toto.com ]
Function displayMailto(ByVal email As String) As String
    Dim strResult As String = email
    Dim strPattern As String = "\[email=([^\]]+)\]"
    Dim strReplace As String = "<a href=""mailto:$1"">$1</a>"
    strResult = Regex.Replace(strResult, strPattern, strReplace, RegexOptions.IgnoreCase)
    Return strResult
End Function
TEXT COLOR:
[ color= red ]I am red[ /color ]
Function displayFontColor(ByVal fc As String) As String
    Dim strResult As String = fc
    Dim strPattern As String = "\[color=([^\]]+)\]([^\]]+)\[\/color\]"
    Dim strReplace As String = "<span style=""color:$1;"">$2</span>"
    strResult = Regex.Replace(strResult, strPattern, strReplace, RegexOptions.IgnoreCase)
    Return strResult
End Function
Don't forget to add the additional functions into the displayMsg function.
By using RegexOptions.IgnoreCase this will allow your users to use lower or upper case. [ url ] http.... [ /url ] or [ URL ] http.... [ /URL ] will work.
Make some tests with all the above code and take what you need.
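Added example, not part of otaku149's post: the [^\]]+ capture in displayUrl and displayUrlPlus accepts any text as the address, so a non-web scheme such as javascript: would be written into the href. This sketch keeps the encode-first order and only builds a link when the address parses as an absolute http or https URL. The names BbLinks, SafeHref, LinkOrText and RenderLinks are hypothetical, and System.Net.WebUtility.HtmlEncode stands in for Server.HtmlEncode so it runs as a console program.

```vbnet
Imports System
Imports System.Net
Imports System.Text.RegularExpressions

Module BbLinks
    ' Hypothetical helper: returns the address re-encoded for an attribute,
    ' or Nothing when it is not an absolute http/https URL.
    Function SafeHref(ByVal encodedUrl As String) As String
        ' The message was HTML-encoded earlier, so decode before parsing
        Dim raw As String = WebUtility.HtmlDecode(encodedUrl).Trim()
        Dim parsed As Uri = Nothing
        If Not Uri.TryCreate(raw, UriKind.Absolute, parsed) Then Return Nothing
        If parsed.Scheme <> Uri.UriSchemeHttp AndAlso
           parsed.Scheme <> Uri.UriSchemeHttps Then Return Nothing
        Return WebUtility.HtmlEncode(parsed.AbsoluteUri)
    End Function

    ' Called once per [url] match; group 2 exists only in the [url=...] form.
    Function LinkOrText(ByVal m As Match) As String
        Dim href As String = SafeHref(m.Groups(1).Value)
        If href Is Nothing Then Return m.Value   ' rejected: tag stays inert text
        Dim label As String = If(m.Groups(2).Success, m.Groups(2).Value, href)
        Return "<a href=""" & href & """ target=""_blank"" rel=""noopener noreferrer"">" &
               label & "</a>"
    End Function

    Function RenderLinks(ByVal msg As String) As String
        Dim s As String = WebUtility.HtmlEncode(msg)   ' encode first, as in displayMsg
        s = Regex.Replace(s, "\[url\]([^\]]+)\[/url\]",
                          AddressOf LinkOrText, RegexOptions.IgnoreCase)
        s = Regex.Replace(s, "\[url=([^\]]+)\]([^\]]+)\[/url\]",
                          AddressOf LinkOrText, RegexOptions.IgnoreCase)
        Return s
    End Function

    Sub Main()
        ' Constructed sample posts
        Console.WriteLine(RenderLinks("[url=http://example.com/?a=1&b=2]Personal Blog[/url]"))
        Console.WriteLine(RenderLinks("[url=javascript:void(0)]click[/url]"))
        Console.WriteLine(RenderLinks("<b>[url]https://example.com/[/url]</b>"))
    End Sub
End Module
```

The same per-match check applies to the img, email and color tags, whose captures also accept any text up to the closing bracket.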
CurtWRC
06-15-2006, 08:06 PM
Thanks once again for your help! :thumbsup:
This has helped me loads. I just wish I understood the coding. Those functions are alien to me. I'm starting to learn ASP.NET 2.0 Professional in 2 weeks time, maybe I will get some information from that.
otaku149
06-15-2006, 08:21 PM
You are welcome CurtWRC. By the way you have done a great coding job with your blog.
Congrats and good luck :)
CurtWRC
06-15-2006, 09:01 PM
You are welcome CurtWRC. By the way you have done a great coding job with your blog.
Congrats and good luck :)
Thanks otaku149 :). I have big plans over the summer in terms of ASP.NET. Like I mentioned before I want to learn 2.0 at a professional level. As well as learn flash 8 at an intermediate/professional level.
CurtWRC
07-07-2006, 04:27 PM
I have been playing around with the above functions to make other formatting functions such as font size and font names. However now I'm trying to create a quote tag like:
[ quote = 108 ] quoted text [/ quote ] (ignore spaces)
The '108' is the ID of the post being quoted. Then I've created a function like this:
Function displayQuote(ByVal fc As String) As String
    Dim strResult As String = fc
    Dim strPattern As String = "\[quote=([^\]]+)\]([^\]]+)\[\/quote\]"
    Dim Title As String = "<b>Post by: " & Query_DB("Select Poster as db from Threads where ID=$1") & "</b>"
    Dim strReplace As String = "<table><tr><td>" + Title + "</td></tr><tr><td>$2</td></tr></table>"
    strResult = Regex.Replace(strResult, strPattern, strReplace, RegexOptions.IgnoreCase)
    Return strResult
End Function
I have basically changed a few parts of the code from an above post. However it doesn't like that I'm using '$1' in the 'Title' string. Why is this? Thanks.
otaku149
07-07-2006, 09:32 PM
When a user clicks on "Quote" you get the message id by using Request.QueryString("quoteid"). You should query your database and display the message using Request.QueryString("quoteid") in your <asp:TextBox ID="Message"...
Let's suppose your table has the following fields:
NoID
Author
Message
etc...
' Needs: Imports System.Data and Imports System.Data.OleDb
Dim MessageID As Integer
' CInt throws on a non-numeric quoteid, so only a number reaches the SQL text
MessageID = CInt(Request.QueryString("quoteid"))
Dim conn As OleDbConnection
Dim MyCommand As OleDbCommand
Dim MyDataReader As OleDbDataReader
conn = New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("????????"))
MyCommand = New OleDbCommand("SELECT * from YourTable where NoID = " & MessageID, conn)
conn.Open()
MyDataReader = MyCommand.ExecuteReader(CommandBehavior.CloseConnection)
While MyDataReader.Read
    'IMPORTANT: remove spaces before and after the word quote below
    Message.Text = "[ quote =" & MyDataReader.Item("Author") & "]" & MyDataReader.Item("Message") & "[/ quote ]"
End While
MyDataReader.Close()
That way you should see in your <asp:TextBox ID="Message"... something like this:
[ quote = Curt ]Hello my name is Curt bla bla bla[ / quote ] (ignore spaces)
The user will add his own message and click on the submit button to reply to the message originally posted by Curt
------------------------
Now to display the message (not in <asp:TextBox ID="Message"... ) use the following function:
Function displayQuote(ByVal qt As String) As String
    Dim strResult As String = qt
    ' $1 is the quoted author's name, $2 is the quoted text
    Dim strPattern As String = "\[quote=(\w+)](.+)\[\/quote\]"
    Dim strReplace As String = "Quote:<div style=""background-color:#EBEBEB;padding:5px"">Originally Posted by <b>$1</b><br/>$2</div>"
    strResult = Regex.Replace(strResult, strPattern, strReplace, RegexOptions.IgnoreCase)
    Return strResult
End Function
Like we discussed previously in this thread, add that function displayQuote into the displayMsg function:
Function displayMsg(ByVal msg As String) As String
    Dim strResult As String = msg
    strResult = Server.HtmlEncode(strResult)
    strResult = strResult.Replace("[ b ]", "<b>")
    strResult = strResult.Replace("[ /b ]", "</b>")
    strResult = strResult.Replace("[:)]", "<img src='http://www.rallystuff.net/curt/Images/emo/happy.gif'>")
    strResult = displayImg(strResult)
    strResult = displayUrl(strResult)
    strResult = displayUrlPlus(strResult)
    strResult = displayQuote(strResult)
    Return strResult
End Function
Hope this helps. I'll be back on this forum next August after my summer's holiday.
Best regards,
CurtWRC
07-08-2006, 10:05 AM
I already have a way of creating the quote tags like this:
http://www.rallystuff.net/curt/forum.aspx?action=postreply&id=78&quoteid=79
I already knew a way of using the original posters name like [ quote=Curt ], but I would like to use the ID of the post such as [ quote=79 ]. Then use the ID to query the database and display the poster's name and the date they posted. By using [ quote=Curt ] then the user can change the name themselves which I don't want possible. Is there any way of doing it like this?
Thanks.
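Added example, not code from either poster: in the displayQuote attempt above, the Title string (and the Query_DB call inside it) is built before Regex.Replace runs, so the query text contains the literal characters $1. A MatchEvaluator runs once per match, so the post ID is known when the lookup happens. The Posters dictionary is a constructed stand-in for the Threads table, and QuoteById, LookupPoster, QuoteBox and DisplayQuoteById are hypothetical names.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Net
Imports System.Text.RegularExpressions

Module QuoteById
    ' Constructed stand-in for the Threads table (ID -> Poster). In the forum this
    ' would be a parameterized query, never SQL text built from the tag.
    Private ReadOnly Posters As New Dictionary(Of Integer, String) From {
        {79, "Curt"}, {80, "Tony & <Bill>"}}

    Function LookupPoster(ByVal postId As Integer) As String
        Dim name As String = Nothing
        If Posters.TryGetValue(postId, name) Then Return name
        Return Nothing
    End Function

    ' Runs once per [quote=ID] match.
    Function QuoteBox(ByVal m As Match) As String
        Dim postId As Integer
        If Not Integer.TryParse(m.Groups(1).Value, postId) Then Return m.Value
        Dim poster As String = LookupPoster(postId)
        If poster Is Nothing Then Return m.Value   ' unknown post: leave tag as text
        ' The name comes from the database, not from the post, so the user
        ' cannot change it; it is still encoded before it goes into the page.
        Return "<table><tr><td><b>Post by: " & WebUtility.HtmlEncode(poster) &
               "</b></td></tr><tr><td>" & m.Groups(2).Value & "</td></tr></table>"
    End Function

    Function DisplayQuoteById(ByVal encodedMsg As String) As String
        ' Input is the already HTML-encoded message, as inside displayMsg.
        ' Only 1 to 9 ASCII digits are accepted as an ID.
        Return Regex.Replace(encodedMsg, "\[quote=([0-9]{1,9})\]([\S\s]*?)\[/quote\]",
                             AddressOf QuoteBox, RegexOptions.IgnoreCase)
    End Function

    Sub Main()
        ' Constructed sample posts
        Dim post As String = WebUtility.HtmlEncode("[quote=79]Hello <b>there</b>[/quote] My reply")
        Console.WriteLine(DisplayQuoteById(post))
        Console.WriteLine(DisplayQuoteById("[quote=80]x[/quote] [quote=5]no such post[/quote]"))
    End Sub
End Module
```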
otaku149
08-30-2006, 11:45 AM
Here is the fix for the nested custom tags:
Function displayFontColor(ByVal fc As String) As String
    Dim strResult As String = fc
    ' (\w+) limits the value to word characters; [\S\s]*? matches across lines, non-greedy
    Dim strPattern As String = "\[color=(\w+)]([\S\s]*?)\[\/color\]"
    Dim strReplace As String = "<span style=""color:$1;"">$2</span>"
    strResult = Regex.Replace(strResult, strPattern, strReplace, RegexOptions.IgnoreCase)
    Return strResult.Replace("]" & Chr(13), "]")
End Function
Function displayFontFamily(ByVal ff As String) As String
    Dim strResult As String = ff
    Dim strPattern As String = "\[font=(\w+)]([\S\s]*?)\[\/font\]"
    Dim strReplace As String = "<span style=""font-family:$1;"">$2</span>"
    strResult = Regex.Replace(strResult, strPattern, strReplace, RegexOptions.IgnoreCase)
    Return strResult.Replace("]" & Chr(13), "]")
End Function
Function displayFontSize(ByVal fs As String) As String
    Dim strResult As String = fs
    Dim strPattern As String = "\[size=(\w+)]([\S\s]*?)\[\/size\]"
    Dim strReplace As String = "<span style=""font-size:$1px;"">$2</span>"
    strResult = Regex.Replace(strResult, strPattern, strReplace, RegexOptions.IgnoreCase)
    Return strResult.Replace("]" & Chr(13), "]")
End Function
CurtWRC
08-31-2006, 06:31 PM
Thanks, the fixes work well. Is there a way to change the font size one so that it doesn't allow you to use any size? Instead is there a way of having 5 preset sizes like:
[size=1 ] - 8pt
[size=2 ] - 9pt
[size=3 ] - 10pt
[size=4 ] - 11pt
[size=5 ] - 12pt
Thanks.
otaku149
08-31-2006, 10:17 PM
An easy way is to replace the span tag with the font tag. That way the choice will be between 1 and 7, where 1 is the smallest and 7 the biggest. They won't be able to enter greater than 7; if they try, 7 will be displayed.
In the displayFontSize function, replace this line:
Dim strReplace As String = "<span style=""font-size:$1px;"">$2</span>"
By this one:
Dim strReplace As String = "<font size=""$1"">$2</font>"
CurtWRC
09-01-2006, 01:10 AM
Thanks otaku. You have a solution to everything! :eek: :D
otaku149
09-01-2006, 11:02 AM
Thanks otaku. You have a solution to everything! :eek: :D
Unfortunately not to everything :)
CurtWRC
09-01-2006, 05:13 PM
Unfortunately not to everything :)
Do you know how to do this:
http://www.codingforums.com/showpost.php?p=462788&postcount=16
otaku149
09-01-2006, 06:52 PM
What you want to do is very hard and will take a lot of time, too much time for me to help because we will need to change how your forum works; database structure and coding.
CurtWRC
09-02-2006, 05:22 PM
OK, thanks anyway. I've found a good way of doing it anyway. However like you found out yourself while testing there is an error when it's nested. How can I not include the quote within the quote?
Thanks for testing by the way,
Curt.
otaku149
09-02-2006, 06:20 PM
OK, thanks anyway. Ive found a good way of doing it anyway. Curt.
Maybe I misunderstand something because I was able to use your name.
[ quote = curt]
test
[ /quote ]
I thought you wanted to replace the username by an ID
CurtWRC
09-02-2006, 06:59 PM
Yes, I wanted to use the post's actual ID. Then be able to retrieve the post's username, date posted. However you said that this will be too difficult so I chose to simply display the username and use that as the '$1' value in the function. But when someone quotes a post, which already contains a post, the quote doesn't work. Only the first one does as you have seen in the 'test' thread on my site. So is there a way of somehow changing the Quote function so that if '$2' contains [ quote ] or [ quote=username ] then it replaces it with nothing?
Thanks.
otaku149
09-02-2006, 07:16 PM
How can I not include the quote within the quote?
IMPORTANT: remove space around the word quote in the below code.
What you can do is to remove the quote and its content and add a new empty quote from code. Somewhere in forumpost.aspx, when someone wants to post a reply, you are populating your textarea from a datareader or something:
message.Text = your-sql-result
Now use the below function:
Function removeQuote(ByVal qt As String) As String
    Dim strResult As String = qt
    ' Removes each complete quote block together with its content
    Dim strPattern As String = "\[ quote =(\w+)]([\S\s]*?)\[\/ quote \]"
    Dim strReplace As String = ""
    strResult = Regex.Replace(strResult, strPattern, strReplace, RegexOptions.IgnoreCase)
    ' Removes any closing tag left behind by a nested quote
    Return strResult.Replace("[/ quote ]", "")
End Function
And use it like this and add a new quote; replace the word username with the username of the person we want to quote:
message.Text = "[ quote = username ]" & removeQuote(your-sql-result) & "[/ quote ]"
So let's suppose you have the below message that we want to quote:
[ quote = bill ]
My name is bill
[/ quote ]
My name is Curt and this is my message and Tony is about to quote me.
By using the above technique the result will be:
[ quote = curt ]
My name is Curt and this is my message and Tony is about to quote me.
[/ quote ]
My name is Tony
*** By the way this message board seems to use the same technique ***
CurtWRC
09-03-2006, 12:53 PM
Thanks :D
CurtWRC
12-21-2006, 03:43 PM
Is there a way I can create a tag that will show UBBC code, as well as html tags?
Example:
[noubbc][ b ]Hello[/ b ] <b>Hello</b> (NO SPACES)