Reputation: 2093
I'm looking for a regex that will be able to replace all links like <a href="javascript://potentiallybadstuff"> Link </a>
with a warning. I've been having a play but no success so far! I've always been bad with regex; can someone point me in the right direction?
Edit: To the people saying don't use regex: the HTML will be the output of a markdown parser with all HTML tags in the markdown stripped. Therefore I know that the output of all links will be formatted as stated above, so regex would surely be a good tool in this particular situation. I am not allowing users to enter pure HTML. And SO has done something very similar: try creating a javascript link, and it will be removed.
I have this so far:
<?php
//Javascript link filter test
if(isset($_POST['jsfilter'])){
$html = "<a href=\"". $_POST['jsfilter']."\"> JS Link </a>";
$pattern = "/ href\\s*?=\\s*?[\"']\\s*?(javascript)\\s*?(:).*?([\"']) /is";
$replacement = "\"javascript: alert('Javascript links have been blocked');\"";
$html = preg_replace($pattern, $replacement, $html);
echo $html;
}
?>
<form method="post">
<input type="text" name="jsfilter" />
<button type="submit">Submit</button>
</form>
Upvotes: 2
Views: 700
Reputation: 328
You should test single and double quotes, handle whitespace, etc.
// double-quoted href
$html = preg_replace( '/href\s*=\s*"javascript:[^"]+"/i' , 'href="#"' , $html );
// single-quoted href
$html = preg_replace( '/href\s*=\s*\'javascript:[^\']+\'/i' , 'href=\'#\'' , $html );
Upvotes: 1
Reputation: 613
Try this code. I think this would help.
<?php
//Javascript link filter test
if(isset($_POST['jsfilter'])){
$html = "<a href=\"". $_POST['jsfilter']."\"> JS Link </a>";
$pattern = '/a href="javascript:(.*?)"/i';
$replacement = 'a href="javascript: alert(\'Javascript links have been blocked\');"';
$html = preg_replace($pattern, $replacement, $html);
echo $html;
}
?>
Upvotes: 0
Reputation: 1931
The right regex should be:
$pattern = '/href="javascript:[^"]+"/';
$replacement = 'href="javascript:alert(\'Javascript links have been blocked\')"';
Upvotes: 3
Reputation: 874
Use strip_tags() and htmlspecialchars() to display user-generated content. If you want to let users use specific tags, refer to BBCode.
Upvotes: 1
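An added example, not from the question or any of the answers, that runs the answers' blocklist pattern against the variants a browser still executes (case changes, an entity-encoded letter, a tab inside the scheme, a leading space, vbscript: and data: URLs) and shows a scheme allow-list that fits the constraint the question states, namely that the markdown parser emits every link as <a href="..."> with a double-quoted attribute. The function names isAllowedHref and neutralizeUnsafeLinks, the list of allowed schemes and the sample inputs are assumptions made for this example.

```php
<?php
// Added example: scheme allow-list for markdown-generated links.
// Assumes, as the question states, that every link arrives as
// <a href="..."> with a double-quoted attribute. Function names,
// the allowed-scheme list and the sample inputs are assumptions
// made for this example, not code from the question or the answers.

/**
 * Return true when an href may be kept: relative URLs and the
 * http, https and mailto schemes. Everything else (javascript:,
 * vbscript:, data:, ...) is rejected.
 */
function isAllowedHref(string $href): bool
{
    // Undo entity encoding so "&#106;avascript:" is seen as "javascript:".
    $decoded = html_entity_decode($href, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // Browsers drop ASCII whitespace and control characters inside the
    // scheme, so "java\tscript:" and " javascript:" still execute.
    // Strip them before inspecting the scheme (for inspection only; the
    // original attribute value is never rewritten).
    $normalized = preg_replace('/[\x00-\x20\x7f]+/', '', $decoded);

    // No "scheme:" prefix means a relative link, which is harmless.
    if (!preg_match('/^([a-z][a-z0-9+.-]*):/i', $normalized, $m)) {
        return true;
    }

    return in_array(strtolower($m[1]), ['http', 'https', 'mailto'], true);
}

/**
 * Rewrite each <a href="..."> whose scheme is not allowed. The link text
 * is kept; the href becomes "#" and a title says why.
 */
function neutralizeUnsafeLinks(string $html): string
{
    return preg_replace_callback(
        '/<a\s+href="([^"]*)"/i',
        static function (array $m): string {
            return isAllowedHref($m[1])
                ? $m[0]
                : '<a href="#" title="Link removed: URL scheme not allowed"';
        },
        $html
    );
}

// Constructed inputs. All but the first two execute script in a browser,
// yet only the plain lowercase "javascript:" form is caught by the
// answers' pattern /href="javascript:[^"]+"/.
$samples = [
    '<a href="https://example.org/">plain https</a>',
    '<a href="/relative/path">relative</a>',
    '<a href="javascript:alert(1)">lowercase</a>',
    '<a href="JavaScript:alert(1)">mixed case</a>',
    '<a href="&#106;avascript:alert(1)">entity-encoded j</a>',
    "<a href=\"java\tscript:alert(1)\">tab inside scheme</a>",
    '<a href=" javascript:alert(1)">leading space</a>',
    '<a href="vbscript:MsgBox(1)">vbscript</a>',
    '<a href="data:text/html,<script>alert(1)</script>">data URL</a>',
];

$naive = '/href="javascript:[^"]+"/';

foreach ($samples as $html) {
    $naiveBlocked = preg_match($naive, $html) === 1;
    $listBlocked  = strpos(neutralizeUnsafeLinks($html), 'href="#"') !== false;
    printf("naive: %-7s  allow-list: %-7s  %s\n",
        $naiveBlocked ? 'blocked' : 'passes',
        $listBlocked ? 'blocked' : 'passes',
        $html);
}
```

The allow-list is the safer direction because the set of harmless schemes is small and known, while the set of executable ones (and their encodings) is not. The regex that locates the attribute still relies on the question's guarantee that links are always emitted as <a href="...">; if users can ever submit raw HTML (single quotes, unquoted attributes, attributes in a different order, other tags with URL attributes), switch to a parser-based HTML sanitizer rather than extending the regex.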