TEXT FIELD question (HTML enabled)

[Tea_J]

Hi...

I'm makin a FlaSH guestbook/news and I've got some problems..

you see? I have my Dynamic Field HTML-ENDABLED.. my method is, when u press submit, flash combines the inputs and adds HTML tags to the inputs inorder for it to display da way i want to.. (Color, etc)

The ProBLeM is, when i input characters such as quotes, ', <>, or stuffs like dat, IT FU*KS UP THE REST of the entries..
IM affraid dat someone might try to put a <a href="Mailto --stuff within their messages and dont get it correctly, it'll mess up da rest of the previous messages..


So Qeustions..

1)How do I fix da problem above?

2)or better yet, how do I tell flash to EXCLUDE wicked characters such as <>.".' and all that. (LIKE IN DA FLASH-DB.com GuestbOOK.. Try puting those characters,, and view da results, you'll find dat it is erared or sumthin...

3)umm.. i forgot.. hehehe,..


So yeah, sup?

[Northcode]

If you're guestbook will allow display of HTML then you can do a search and replace to replace "<" with "&lt" and ">" with "&gt" so any HTML they type will appear exactly as they entered it.

If you want to strip all the HTML out of a piece of text you can do it using the function below. There are probably more efficient methods but this works fine on small blocks of text.

Code:

function RemoveTags(t)
{

	var s = "";
	var keep = TRUE;

	for (i=0; i<t.length; i++) {
		c = t.charCodeAt(i)
		if (c == 60) keep = FALSE;
		if (keep == TRUE) s = s add chr(c);
		if (c == 62) keep = TRUE;
	}	

	return s;

}

withtags = "<html><body>sample...</body></html>";

notags = RemoveTags(withtags);

[Tea_J]

hmm.. cool.. but yo, im more interested in the first method, coz i kind figured out the destructive characters already "<" "%" and all that.. and using the second method you suggested means i have to redo a big part of my flash guestbook like, reconstructing the HTML tags...... I HAVE TO add the HTML tags as the user sends it...

it's like, this:
USER INPUT:
NAME = Joe
EMAIL = cool@cool.com

on send, i combine these values into one variable (data) and sends it to my server.

data="<P ALIGN="LEFT"><FONT FACE="Verdana" SIZE="10" COLOR="#FF0000">" + NAME
+ "<P ALIGN="LEFT"><FONT FACE="Verdana" SIZE="10" COLOR="#999999">" + "<a href=\"mailto:" EMAIL "\">" + NAME + data

actually, i preset already the html codes..


SO yeah, how do i do search and replace????? Do i do it in da flash movie? or on my server script????


PS
tnx a lot man, you're a great help!

[Northcode]

This is a a simple string replace function from p.592 of Colin Moock's book, ActionScript: The Definitive Guide.

Code:

function replace (origStr, searchStr, replaceStr)
{

  var tempStr ="";
  var startIndex =0;

  if (searchStr == "") {
    return origStr;
  }

  if (origStr.indexOf(searchStr) != -1) {

    while ((searchIndex = origStr.indexOf(searchStr,startIndex)) != -1) {

      tempStr += origStr.substring(startIndex,searchIndex);
      tempStr += replaceStr;
      startIndex = searchIndex + searchStr.length;

    }

    return tempStr + origStr.substring(startIndex);

  } else {

    return origStr;

  }

}

And this is an example that shows how you can use the replace function.

Code:

text = "<html><body>whatever</html></body>";

text = replace(text, "<", "&lt");
text = replace(text, ">", "&gt");

trace (text);

[Northcode]

You could still use the HTML stripper if you remove the HTML from your users input before you add your HTML around it. That would ensure that nobody could do anything sneaky.

You could also use the string replace function to do something like the vB code that vBulletin allows. Let your users enter simple HTML with [ and ] instead of < and > and then do the replacements on pre-defined sequences (instead of just the brackets so they can't cheat).

[Tea_J]

GeEEEsH man THANKS!!!

I got it workin perfect that thing from the book.. you know wut? it did work replacing "<" with "&lt", but when i save it in my text file, and retrieve it back, it's still read as the freaky "<" , hence when I send the vars back, it messes up the whole thing still! But nevadaless, i had a work around for this... instead of changing it to "&lt" (still interpreted by the text field as the"<" -damaging), i change it to "("... hehehe... and i even thought of a great idea! Ima use it for WORD FILTERING!!! hehe,like change bad words to WORST ONES!!!!! hehehe... (kidding)

So yeah, GREAT!!! Thanks a lot!!! I APPRECIATE IT A LOT.. muchoz gracias amigos!

[Tea_J]

eyo, you know what? hehe, i found this site (http://thetruth.com/flash/index.cfm?id=1).... it's a real cool site. anyways, it had this small message box you know? and it seemed like it was using the same method as I was in this issue of ours... so, yeah, i couldnt help but try ma bugg there.. so i typed :

<a hre alsda dlad

(noticed da wicked "<" ???)

anyways, I SOOO DIDNT MEAN TO FU** IT UP!!!!!! hehehe, but i guess i did.. but dont worry, i emailed them my appologies and told them to open the textfile that held all the values and delete my entry... Whew>

[Knoj]

Regarding the code:

Code:

function RemoveTags(t){
	var s = "";
	var keep = TRUE;
	for (i=0; i<t.length; i++) {
		c = t.charCodeAt(i)
		if (c == 60) keep = FALSE;
		if (keep == TRUE) s = s add chr(c);
		if (c == 62) keep = TRUE;
	}	
	return s;
}
withtags = "<html><BODY BGCOLOR="#ffffff" TEXT="#000000" marginheight=0 marginwidth=0 topmargin=0 leftmargin=0 rightmargin=0 id=all>sample...</body></html>";
notags = RemoveTags(withtags);

I am assuming that 60 = "<" and 62 = ">" but I need to remove all of the "\r" chars. Do you happen to know what the charCode for "\r" and "\n" are?

Thanks! (Always thanks to NorthCode!)

[Northcode]

"\n" is 10 and "\r" is 13

These ones are pretty common so I knew what they were, but you can find the code for any character you want like this...

t = "\n";
trace(t.charCodeAt(0));

[Knoj]

Thanks NorthCode!

Once again, you are awsome! I also thank you for showing me how to find out what the charcodes for others are!