Michael M asked 1 year ago
Hi! Trying to create a textarea that accepts code submissions from users. Example:
```
/* A simple string copy */
#include <stdio.h>
#include <string.h>
int main(void)
{
char str[80];
strcpy(str, "copy str example");
puts(str);
return 0;
}
```
KSES strips the <stdio.h> elements completely, so how to keep them ?
Perhaps have a filter that encodes the < and > symbols found within ``` or code tags into the HTML encoded equivalents?
#include <stdio.h>
Has anyone done this before ? Maybe there's a simpler way :).
Really we'd be happy to get the unfiltered textarea content in a filter, then it would be trivial to HTML encode before the KSES sweep.
Michael M answered 1 year ago
Where there's a will, there's a way ! So far, the combination of these 3 filters handles things: add_filter( 'pre_kses', 'modify_pre_kses_defaults', 10, 3 ); // apply htmlspecialchars() to the textarea content add_filter( 'frm_add_entry_meta', 'custom_change_field_value'); // apply htmlspecialchars_decode() to the textarea content add_filter( 'frm_new_post', 'form_new_or_edit', 10, 2); // apply htmlspecialchars_decode() to the textarea content The code content is filtered out with regex in each of those functions- like this: // If inside ``` code block, then return htmlspecialchars($string); $string = "the string from textarea content"; // the regex pattern $search = "/```(.*?)```/is"; // first look for all CODE tags and their content preg_match_all($search, $string, $matches); // now replace all the CODE tags and their content with a htmlspecialchars() content (or htmlspecialchars_decode) foreach($matches[1] as $match){ $replace = htmlspecialchars($match); // or htmlspecialchars_decode // now replace the previously found CODE block $string = str_replace($match, $replace, $string); } return $string;``` Unless some edge case pops up, this looks like a reasonable fix.
Michael Mulholland
replied 1 year ago Argh. I give up. Trying to share the solution, but the forum formatting system is totally not having it 🙂
Please login or Register to submit your answer
Victor Font
Is it an option to have user upload their code to something like pastebin and then the user inputs the URL for their code submission?
Neat thought, but no. Needs to be handled through the single form / site.
Something like this hook might be handy in these cases, to toggle the frontend KSES: frm_allow_unfiltered_html ($formid, $fieldid, $loggedin_userid)
Even simpler might be a Formidable plugin that enables auto HTML encode/decode inside code blocks for posts and edits. This is probably only the
OR more generically a plugin that allows regex or find/replace filtering on text before KSES, and again on Edit ! Though I guess with a suitable filter hook just before the KSES, such a thing could be implemented by the users fairly simply, and probably me more versatile for many uses.
Seems like such a filter should exist and I'm missing something in the docs. Still reading.... !