This function parse string that consists BB Code to HTML. It's really useful when you don't want user to use HTML tags to avoid XSS attack. Due the the simplicity of this script, it's very easy to reverse the parser to convert HTML to BBCode as well.
PHP
Simply call the function by passing your string you wish to parse. To convert the parser to HTML to BB Code, change this line:
$newtext = str_replace($bbcode, $htmlcode, $text);
to
$newtext = str_replace($htmlcode, $bbcode, $text);
function bb2html($text) { $bbcode = array("<", ">", "[list]", "[*]", "[/list]", "[img]", "[/img]", "[b]", "[/b]", "[u]", "[/u]", "[i]", "[/i]", '[color="', "[/color]", "[size="", "[/size]", '[url="', "[/url]", "[mail="", "[/mail]", "[code]", "[/code]", "[quote]", "[/quote]", '"]'); $htmlcode = array("<", ">", "<ul>", "<li>", "</ul>", "<img src="", "">", "<b>", "</b>", "<u>", "</u>", "<i>", "</i>", "<span style="color:", "</span>", "<span style="font-size:", "</span>", '<a href="', "</a>", "<a href="mailto:", "</a>", "<code>", "</code>", "<table width=100% bgcolor=lightgray><tr><td bgcolor=white>", "</td></tr></table>", '">'); $newtext = str_replace($bbcode, $htmlcode, $text); $newtext = nl2br($newtext);//second pass return $newtext; }
Comments will be moderated and
rel="nofollow"
will be added to all links. You can wrap your coding with[code][/code]
to make use of built-in syntax highlighter.I will point out that there are some quotes that ought to be apostrophes in there though, such as "[size="". But it was easily remedied, and this function does exactly what I need.
So thanks again!
To prevent script injection couldn't you make a bbcode tag "script=" and have it replaced with a different html tag
This function can add smilies?
ty.