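This code neutralises the tags that a user shouldn't use when posting content. It also strips any JavaScript event handlers assigned to tags. A must-have if you allow people to post HTML on your site. Note that it works from a fixed list of tags and attributes, so treat it as one layer of filtering rather than a complete defence against script injection.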
By | Lewis E. Moten III |
Level | Advanced |
Compatibility | ASP (Active Server Pages) |
Category | Strings |
World | ASP / VbScript |
(c)Copyright 2001 Lewis Edward Moten III, All rights reserved.
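' SafeHTML
' Neutralises a fixed denylist of markup in user-supplied HTML before it is
' written into a page:
'   1. SCRIPT, META, STYLE, LINK, IFRAME, FRAMESET, FRAME, APPLET and OBJECT
'      tags (opening and closing) have their "<" replaced by "&lt;", so the
'      browser displays them as text instead of parsing them.
'   2. href/src attribute values that start with "javascript:" are replaced
'      by the inert value "javascript://protected".
'   3. on* event-handler attributes are removed from tags.
'
' Parameters:
'   pStrHTML - HTML fragment to filter. Passed ByVal, so the caller's copy
'              is not modified.
' Returns:
'   The filtered string. Null or "" input returns Empty (nothing assigned).
'
' SECURITY NOTE: this is a regular-expression denylist, not an HTML parser.
' Markup that is not on the list, or that a browser parses differently from
' these patterns, passes through unchanged. Use it as one layer only: where
' users do not need to post markup, Server.HTMLEncode the input instead;
' where they do, prefer an allowlist of permitted tags and attributes.
Function SafeHTML(ByVal pStrHTML)
    Dim lObjRegExp

    ' Nothing to filter; leave the return value unassigned (Empty).
    If IsNull(pStrHTML) Then Exit Function
    If pStrHTML = "" Then Exit Function

    Set lObjRegExp = New RegExp
    lObjRegExp.Global = True
    lObjRegExp.IgnoreCase = True

    ' 1. Denylisted tags. The names are wrapped in one group so the
    '    alternation applies to the tag name only, and \b stops a longer
    '    name that merely starts with a listed one from matching. Only the
    '    opening "<" is matched and escaped, so a tag that is missing its
    '    closing ">" is neutralised as well.
    lObjRegExp.Pattern = "<(/?)(SCRIPT|META|STYLE|LINK|IFRAME|FRAMESET|FRAME|APPLET|OBJECT)\b"
    pStrHTML = lObjRegExp.Replace(pStrHTML, "&lt;$1$2")

    ' 2. javascript: URLs in href/src on any tag. The value may be
    '    double-quoted, single-quoted or unquoted; the whole value is
    '    replaced so none of the original script text is kept.
    lObjRegExp.Pattern = "(\s(href|src)\s*=\s*)(""\s*javascript:[^""]*""|'\s*javascript:[^']*'|javascript:[^\s>]*)"
    pStrHTML = lObjRegExp.Replace(pStrHTML, "$1""javascript://protected""")

    ' 3. Inline event handlers. Each pass removes at most one handler per
    '    tag (the greedy prefix finds the last one), so repeat until none
    '    is left. Every replacement shortens the string, so the loop ends.
    '    Only the attribute and its value are removed; the rest of the tag
    '    is kept.
    lObjRegExp.Pattern = "(<[^>]*)\son\w+\s*=\s*(""[^""]*""|'[^']*'|[^\s>]*)"
    Do While lObjRegExp.Test(pStrHTML)
        pStrHTML = lObjRegExp.Replace(pStrHTML, "$1")
    Loop

    Set lObjRegExp = Nothing
    SafeHTML = pStrHTML
End Function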