Code Snippet > PHP

BB Code to HTML Parser with PHP

This function parse string that consists BB Code to HTML. It's really useful when you don't want user to use HTML tags to avoid XSS attack. Due the the simplicity of this script, it's very easy to reverse the parser to convert HTML to BBCode as well.

PHP

Simply call the function by passing your string you wish to parse. To convert the parser to HTML to BB Code, change this line:

$newtext = str_replace($bbcode, $htmlcode, $text);

to

$newtext = str_replace($htmlcode, $bbcode, $text);

function bb2html($text)
{
  $bbcode = array("<", ">",
                "[list]", "[*]", "[/list]", 
                "[img]", "[/img]", 
                "[b]", "[/b]", 
                "[u]", "[/u]", 
                "[i]", "[/i]",
                '[color="', "[/color]",
                "[size="", "[/size]",
                '[url="', "[/url]",
                "[mail="", "[/mail]",
                "[code]", "[/code]",
                "[quote]", "[/quote]",
                '"]');
  $htmlcode = array("&lt;", "&gt;",
                "<ul>", "<li>", "</ul>", 
                "<img src="", "">", 
                "<b>", "</b>", 
                "<u>", "</u>", 
                "<i>", "</i>",
                "<span style="color:", "</span>",
                "<span style="font-size:", "</span>",
                '<a href="', "</a>",
                "<a href="mailto:", "</a>",
                "<code>", "</code>",
                "<table width=100% bgcolor=lightgray><tr><td bgcolor=white>", "</td></tr></table>",
                '">');
  $newtext = str_replace($bbcode, $htmlcode, $text);
  $newtext = nl2br($newtext);//second pass
  return $newtext;
}

Source: http://elouai.com/bbcode-sample.php



Show Some Love, Spread This Post!

You might like these codes

4 comments

WeeDzCokie Fri, 16th March 2012 @roggy
To prevent script injection couldn't you make a bbcode tag "script=" and have it replaced with a different html tag
Reply
roggy Mon, 31st October 2011 bad for XSS attack: [url="http / / " script="javascript:doevel();"]url[/url]
Reply
WeeDzCokie Sat, 17th March 2012 You can run a preg_match on the string that is going to be inserted to the page/database and check for any line that matches <a *text* script=""></a> and remove that line
Fliggerty Wed, 17th August 2011 Thank you, this is exactly what I was looking for!

I will point out that there are some quotes that ought to be apostrophes in there though, such as "[size="". But it was easily remedied, and this function does exactly what I need.

So thanks again!
Reply

Leave a comment

Have something to say? Drop a comment! No HTML tags are allowed in the comment textfield.

Advertisement