I have been working on BBCode lately and encountered a problem (nested similar codes).
This is code 01:
    function FFF999_BBcode($content)
    {
        $search = array (
            '/(\[color=)(.*?)(\])(.*?)(\[\/color\])/'
        );
        $replace = array (
            '<span style="color: $2">$4</span>'
        );
        return preg_replace($search, $replace, $content);
    }
this is the input:
[color=red][color=blue]test test test[/color][/color]
this is the result 01 :
<span style="color: red"><a href="page?q=color=blue">color=blue</a>test test test</span><a href="page?q=/color">/color</a><br />
=====================================
Then I modified the code to this.
This is code 02:
    function FFF999_BBcode($content)
    {
        $search = array (
            '/(\[color=)(.*?)(\])/',
            '/(\/color\])/',
        );
        $replace = array (
            '<span style="color: $2">',
            '</span>',
        );
        return preg_replace($search, $replace, $content);
    }
this is the result 02:
<span style="color: red"><span style="color: blue">test test test[</span>[</span><br />
=====================================
Both codes have implementation problems.
But which of them is the better one, programmatically, to start modifying in order to find a complete solution?
    echo FFF999_BBcode('[color=red;"><img src=# onerror=javascript:alert(1)><!--]Test[/color]');
- whitelist your colours
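A stack-based alternative to both regex versions, combined with the colour whitelist suggested in the reply, as an added example that is not the poster's code. The function name `bbcode_color`, the `ALLOWED_COLORS` list and the hex-colour rule are assumptions; the input is HTML-escaped before any tag handling, and a `[color=...]` value that is not whitelisted is left in the output as plain text.

```php
<?php
// Added example: names and the allowed-colour list are assumptions.
const ALLOWED_COLORS = ['red', 'blue', 'green', 'black', 'white', 'orange'];

function bbcode_color(string $content): string
{
    // Escape first, so no raw HTML from the input can reach the output.
    $safe = htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Split into text and tags; the capture group keeps the tags as tokens.
    $tokens = preg_split('/(\[color=[^\[\]]*\]|\[\/color\])/i', $safe, -1,
        PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
    if ($tokens === false) {
        return $safe;
    }

    $out = '';
    $stack = []; // one bool per open [color=...]: did it emit a <span>?
    foreach ($tokens as $tok) {
        if (preg_match('/^\[color=([^\[\]]*)\]$/i', $tok, $m)) {
            $value = strtolower(trim($m[1]));
            $ok = in_array($value, ALLOWED_COLORS, true)
                || preg_match('/^#(?:[0-9a-f]{3}|[0-9a-f]{6})$/', $value) === 1;
            $stack[] = $ok;
            $out .= $ok ? '<span style="color: ' . $value . '">' : $tok;
        } elseif (strcasecmp($tok, '[/color]') === 0) {
            // Unmatched or rejected tags stay visible as plain text.
            $out .= ($stack && array_pop($stack)) ? '</span>' : $tok;
        } else {
            $out .= $tok;
        }
    }
    // Close spans the input left open so the markup stays balanced.
    while ($stack) {
        if (array_pop($stack)) {
            $out .= '</span>';
        }
    }
    return $out;
}

// Inputs taken from the thread above.
echo bbcode_color('[color=red][color=blue]test test test[/color][/color]'), "\n";
echo bbcode_color('[color=red;"><img src=# onerror=javascript:alert(1)><!--]Test[/color]'), "\n";
```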