[thelist] ColdFusion and checking HTML

Raymond Camden jedimaster at macromedia.com
Thu Apr 26 08:27:45 CDT 2001


Hmm, this is a difficult question. At first I thought you were asking, "Show
me anything that is NOT html." That is fairly easy:

<CFSET STR = "<B>I stink</B>">
<CFSET CLEAN = REReplace(STR,"<[^>]*>","","ALL")>
<CFOUTPUT>#CLEAN#</CFOUTPUT>

This replaces all HTML. But, then you take it a step farther and say, things
like &nbsp; should be stripped. Well, for that one case, we can simply add
one more Replace function. That will leave you with a string that contains
no HTML and no &nbsp;.

However, it's not perfect. Consider this:

<CFSET STR = "<FONT COLOR=""white"">Hi</FONT>">

After stripping HTML and &nbsp;, you are left with Hi and would erroneously
think that Hi would show up in the browser, but it would not. Well, as long
as the bgcolor was white. Heck, even if you checked and saw that the bgcolor
was black, the user could override the background color. (At least I think
so anyway.)

Does this help?

=======================================================================
Raymond Camden, Principal Spectra Compliance Engineer for Macromedia

Email   : jedimaster at macromedia.com
ICQ UIN : 3679482

"My ally is the Force, and a powerful ally it is." - Yoda

> -----Original Message-----
> From: thelist-admin at lists.evolt.org
> [mailto:thelist-admin at lists.evolt.org]On Behalf Of jon steele
> Sent: Wednesday, April 25, 2001 8:31 PM
> To: thelist at lists.evolt.org
> Subject: [thelist] ColdFusion and checking HTML
>
>
> Hi,
>
> I'm in quite a dilemma. (not a good way to start off is it :-) )
> Hopefully some skilled CFer can help.
>
> I need to check an array full of strings for non-html text. That is, I
> want to check to see if the text in the array would show something when
> viewed in a browser or not. For example this should pass the
> validation:
>
> myarray[1]="<p class=blah style=blah>text</p><span id=blah
> style=blah>&nbsp;</span><img src=blah>"
>
> But this should NOT be allowed:
>
> myarray[2]="<p class=blah style=blah>&nbsp;</p><span></span>"
>
> Since when viewed in a browser, the above code would show a blank page.
>
> Is there an easy function which checks this?
>
> If not can someone help me in developing a loop which will check every
> instance of ">", then verify that the next character is not "<", the
> next 6 characters are not "&nbsp;", but allow it if the next 4
> characters are "<img".
>
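
Added example, not part of the original messages: one way to combine the tag-stripping REReplace from the reply with the &nbsp; and <img> rules from the question, run over the two sample strings from the question. It assumes ColdFusion 5 or later (CFSCRIPT functions); the function name hasVisibleContent and the "[img]" marker are hypothetical. It is a blank-content check only, not an HTML sanitizer.

```cfml
<CFSCRIPT>
// Hypothetical helper (added example, not code from the thread).
// Returns true when the string still has text or an image left after
// tags, &nbsp; entities and whitespace are removed.
function hasVisibleContent(str) {
    var s = str;
    // An <img> renders something, so replace it with a text marker
    // before the remaining tags are stripped.
    s = REReplaceNoCase(s, "<img[^>]*>", "[img]", "ALL");
    // Strip every other tag (same pattern as in the reply).
    s = REReplace(s, "<[^>]*>", "", "ALL");
    // &nbsp; renders as blank space, so it does not count as content.
    s = ReplaceNoCase(s, "&nbsp;", "", "ALL");
    // Remove ordinary whitespace (spaces, tabs, line breaks).
    s = REReplace(s, "[[:space:]]+", "", "ALL");
    // Limitation raised in the reply: text hidden by styling, such as
    // white text on a white background, still counts as visible here.
    return Len(s) GT 0;
}
</CFSCRIPT>

<!--- The two sample strings from the question --->
<CFSET myarray = ArrayNew(1)>
<CFSET myarray[1] = "<p class=blah style=blah>text</p><span id=blah style=blah>&nbsp;</span><img src=blah>">
<CFSET myarray[2] = "<p class=blah style=blah>&nbsp;</p><span></span>">

<!--- Report, for each entry, whether anything would be shown --->
<CFLOOP INDEX="i" FROM="1" TO="#ArrayLen(myarray)#">
    <CFOUTPUT>myarray[#i#]: #YesNoFormat(hasVisibleContent(myarray[i]))#<BR></CFOUTPUT>
</CFLOOP>
```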




