AUBBC
view release on metacpan or search on metacpan
6) Protection for emails to hide them from harvesters.
7) Code download for code tags
8) Perl code highlighter in the code tags
9) Fully customizable settings.
The advantage of using this BBcode is to have the piece of mind of using a secure program,
to restrict the usage of HTML/XHTML elements and to make formatting of posts easy to people that have no HTML/XHTML skill.
Most sites that use these tags show a list of them and/or easy way to insert the tags to the form field by the user.
The [c] or code tags can highlight Perl code, highlighting the Perl code with CSS in HTML/XHTML,
and in the examples folder the tag_list.cgi file has a CSS code you could work from and now a setting to change to a costume highlighter function.
This module addresses many security issues the BBcode tags may have mainly cross site script also known as XSS.
Each message is escaped before it gets returned if script_escape is Enabled and checked for many types of security problems before that tag converts to HTML/XHTML.
The script_escape setting and method also converts the ' sign so the text can be stored in a SQL back-end.
Most of the free web portals use the | sign as the delimiter for the flat file database, the script_escape setting and method also converts that sign so the structure of the database is retained.
Allows easy conversion to HTML and XHTML, existing tags will convert to the HTML type set.
6) Protection for emails to hide them from harvesters.
7) Code download for code tags
8) Perl code highlighter in the code tags
9) Fully customizable settings.
The advantage of using this BBcode is to have the piece of mind of using a secure program,
to restrict the usage of HTML/XHTML elements and to make formatting of posts easy to people that have no HTML/XHTML skill.
Most sites that use these tags show a list of them and/or easy way to insert the tags to the form field by the user.
The [c] or code tags can highlight Perl code, highlighting the Perl code with CSS in HTML/XHTML,
and in the examples folder the tag_list.cgi file has a CSS code you could work from and now a setting to change to a costume highlighter function.
This module addresses many security issues the BBcode tags may have mainly cross site script also known as XSS.
Each message is escaped before it gets returned if script_escape is Enabled and checked for many types of security problems before that tag converts to HTML/XHTML.
The script_escape setting and method also converts the ' sign so the text can be stored in a SQL back-end.
Most of the free web portals use the | sign as the delimiter for the flat file database, the script_escape setting and method also converts that sign so the structure of the database is retained.
Allows easy conversion to HTML and XHTML, existing tags will convert to the HTML type set.
the developer of the tag knowing if and what security issues the new tag may have.
The adding method restricts characters from being used in some variables of
the tags, like name and pattern.
See the other "Build your own tags" for usage
=head2 XSS protection and settings
The script_escape filter will disable XSS so the text of the code can be seen in
HTML/XHTML and the XSS code will not work in anyway.
Some parts use standard requirements allowing only these linking path formats:
protocal://location/web/path/or/file
/local/web/path/or/file
There are some uncontrollable security issues with allowing images [img] and link [url] auto-link tags,
you can disable [img] tags by setting "no_img => 1," to 1 as shown.
Security issues with the [url] and auto-link tags is not as bad since you have to click it to
get to the risky web site, unlike an image loading.
=head2 FYI
XHTML has better JavaScript security standards then HTML.
Developers can also use cookies with "httponly" flags to disable JavaScript from
reading that cookie, but the browsers must support it.
XSS, browser hijacking and other security risks can change by settings, browser vendors and program versions.
=head1 Tag Security Access
New to v4.05. Assign security levels for links, images, build and code tags.
Default settings allows all tags to be seen so there would be no changes needed
if you just wanted the latest version and not use this method yet.
Addition - AUBBC::make_link($link,$name,$javascript,$target) this is useful enough
to mention once.
Improvement - After lots of testing I have removed all /o in the regex. One main
reason is Memoize provides enough speed.
v3.13 - 09/30/2010
Addition - do_ubbc New built-in tag [list][*=1]... [*]... [/list], This will
follow XHTML or HTML Transitional element style and XHTML or HTML Strict will not
support the elements that tag [*=1] in the [list] will produce
(use the other enumerated List Block tags for XHTML or HTML Strict).
Addition - do_ubbc New built-in tag [em]Hello[/em]
Addition - New value for setting line_break 2 for old <br style. This effects script_escape.
Addition - This module now uses Memoize for a massive speed improvement.
If you thought it was fast before, I hope your sitting down when you bench this version. LOL
Addition - added setting highlight_function to replace the highlighting method
of AUBBC with a costume one.
html_to_text methods converting html line break <br> and new line \n
Addition - added fix_amp this setting finds all the & that need to covert to the amp; html code name
so the w3c xhtml validation checks ok.
Addition - added no_img this setting will allow some control for using [img] tags
for security reasons
Fixed - bug in settings_prep when a setting gets changed html_type could change
Fixed - Better support for XHTML 1.0 Strict for some tags having issues in do_ubbc
Fixed - in do_ubbc the [url] tag produces a bug if a link is used as a name
the fix converts the period and/or colon of the name so its not seen as a new
link.
Improvement - in do_unicode removed then changed the two regexs to do a 3 in 1 filter.
Improvement - in html_to_text added a code to fix a <br> bug if ppl use html or xhtml line break.
Improvement - moved the pattern building code from do_build_tag to add_build_tag
v2.0 - 10/07/2008 13:52:11
Fixed single tag [name] for build tags
Changed the regex in plain URL's
Removed bad patter setting and now using a more standard way to detect bad image tags
Fixed dynamic view in XHTML for the protect email method.
Added js_print method which will print out the javascript needed for the new protect email method
Added values for the code highlighter so it can support CSS classes
Added highlighting of variables and changed 2 quote regex to allow multi line quotes
and a few other things that make this 2.0
v1.30 - 09/08/2008 14:12:10
Addition - AUBBC::make_link($link,$name,$javascript,$target) this is useful enough
to mention once.
Improvement - After lots of testing I have removed all /o in the regex. One main
reason is Memoize provides enough speed.
v3.13 - 09/30/2010
Addition - do_ubbc New built-in tag [list][*=1]... [*]... [/list], This will
follow XHTML or HTML Transitional element style and XHTML or HTML Strict will not
support the elements that tag [*=1] in the [list] will produce
(use the other enumerated List Block tags for XHTML or HTML Strict).
Addition - do_ubbc New built-in tag [em]Hello[/em]
Addition - New value for setting line_break 2 for old <br style. This effects script_escape.
Addition - This module now uses Memoize for a massive speed improvement.
If you thought it was fast before, I hope your sitting down when you bench this version. LOL
Addition - added setting highlight_function to replace the highlighting method
of AUBBC with a costume one.
html_to_text methods converting html line break <br> and new line \n
Addition - added fix_amp this setting finds all the & that need to covert to the amp; html code name
so the w3c xhtml validation checks ok.
Addition - added no_img this setting will allow some control for using [img] tags
for security reasons
Fixed - bug in settings_prep when a setting gets changed html_type could change
Fixed - Better support for XHTML 1.0 Strict for some tags having issues in do_ubbc
Fixed - in do_ubbc the [url] tag produces a bug if a link is used as a name
the fix converts the period and/or colon of the name so its not seen as a new
link.
Improvement - in do_unicode removed then changed the two regexs to do a 3 in 1 filter.
Improvement - in html_to_text added a code to fix a <br> bug if ppl use html or xhtml line break.
Improvement - moved the pattern building code from do_build_tag to add_build_tag
v2.0 - 10/07/2008 13:52:11
Fixed single tag [name] for build tags
Changed the regex in plain URL's
Removed bad patter setting and now using a more standard way to detect bad image tags
Fixed dynamic view in XHTML for the protect email method.
Added js_print method which will print out the javascript needed for the new protect email method
Added values for the code highlighter so it can support CSS classes
Added highlighting of variables and changed 2 quote regex to allow multi line quotes
and a few other things that make this 2.0
v1.30 - 09/08/2008 14:12:10
6) Protection for emails to hide them from harvesters.
7) Code download for code tags
8) Perl code highlighter in the code tags
9) Fully customizable settings.
The advantage of using this BBcode is to have the piece of mind of using a secure program,
to restrict the usage of HTML/XHTML elements and to make formatting of posts easy to people that have no HTML/XHTML skill.
Most sites that use these tags show a list of them and/or easy way to insert the tags to the form field by the user.
The [c] or code tags can highlight Perl code, highlighting the Perl code with CSS in HTML/XHTML,
and in the examples folder the tag_list.cgi file has a CSS code you could work from and now a setting to change to a costume highlighter function.
This module addresses many security issues the BBcode tags may have mainly cross site script also known as XSS.
Each message is escaped before it gets returned if script_escape is Enabled and checked for many types of security problems before that tag converts to HTML/XHTML.
The script_escape setting and method also converts the ' sign so the text can be stored in a SQL back-end.
Most of the free web portals use the | sign as the delimiter for the flat file database, the script_escape setting and method also converts that sign so the structure of the database is retained.
Allows easy conversion to HTML and XHTML, existing tags will convert to the HTML type set.
the developer of the tag knowing if and what security issues the new tag may have.
The adding method restricts characters from being used in some variables of
the tags, like name and pattern.
See the other "Build your own tags" for usage
=head2 XSS protection and settings
The script_escape filter will disable XSS so the text of the code can be seen in
HTML/XHTML and the XSS code will not work in anyway.
Some parts use standard requirements allowing only these linking path formats:
protocal://location/web/path/or/file
/local/web/path/or/file
There are some uncontrollable security issues with allowing images [img] and link [url] auto-link tags,
you can disable [img] tags by setting "no_img => 1," to 1 as shown.
Security issues with the [url] and auto-link tags is not as bad since you have to click it to
get to the risky web site, unlike an image loading.
=head2 FYI
XHTML has better JavaScript security standards then HTML.
Developers can also use cookies with "httponly" flags to disable JavaScript from
reading that cookie, but the browsers must support it.
XSS, browser hijacking and other security risks can change by settings, browser vendors and program versions.
=head1 Tag Security Access
New to v4.05. Assign security levels for links, images, build and code tags.
Default settings allows all tags to be seen so there would be no changes needed
if you just wanted the latest version and not use this method yet.
Addition - AUBBC::make_link($link,$name,$javascript,$target) this is useful enough
to mention once.
Improvement - After lots of testing I have removed all /o in the regex. One main
reason is Memoize provides enough speed.
v3.13 - 09/30/2010
Addition - do_ubbc New built-in tag [list][*=1]... [*]... [/list], This will
follow XHTML or HTML Transitional element style and XHTML or HTML Strict will not
support the elements that tag [*=1] in the [list] will produce
(use the other enumerated List Block tags for XHTML or HTML Strict).
Addition - do_ubbc New built-in tag [em]Hello[/em]
Addition - New value for setting line_break 2 for old <br style. This effects script_escape.
Addition - This module now uses Memoize for a massive speed improvement.
If you thought it was fast before, I hope your sitting down when you bench this version. LOL
Addition - added setting highlight_function to replace the highlighting method
of AUBBC with a costume one.
html_to_text methods converting html line break <br> and new line \n
Addition - added fix_amp this setting finds all the & that need to covert to the amp; html code name
so the w3c xhtml validation checks ok.
Addition - added no_img this setting will allow some control for using [img] tags
for security reasons
Fixed - bug in settings_prep when a setting gets changed html_type could change
Fixed - Better support for XHTML 1.0 Strict for some tags having issues in do_ubbc
Fixed - in do_ubbc the [url] tag produces a bug if a link is used as a name
the fix converts the period and/or colon of the name so its not seen as a new
link.
Improvement - in do_unicode removed then changed the two regexs to do a 3 in 1 filter.
Improvement - in html_to_text added a code to fix a <br> bug if ppl use html or xhtml line break.
Improvement - moved the pattern building code from do_build_tag to add_build_tag
v2.0 - 10/07/2008 13:52:11
Fixed single tag [name] for build tags
Changed the regex in plain URL's
Removed bad patter setting and now using a more standard way to detect bad image tags
Fixed dynamic view in XHTML for the protect email method.
Added js_print method which will print out the javascript needed for the new protect email method
Added values for the code highlighter so it can support CSS classes
Added highlighting of variables and changed 2 quote regex to allow multi line quotes
and a few other things that make this 2.0
v1.30 - 09/08/2008 14:12:10
examples/tag_list.cgi view on Meta::CPAN
[[time] = [time]
HTML
# replace the list with any error that may happen
$message = $aubbc->aubbc_error()
? $aubbc->aubbc_error()
: $aubbc->do_all_ubbc($message);
print "Content-type: text/html\n\n";
print <<HTML;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>AUBBC.pm Tag List</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
<script type="text/javascript" src="?js_print">
</script>
<style type="text/css">
( run in 1.634 second using v1.01-cache-2.11-cpan-49f99fa48dc )