Michael M asked 3 years ago
Hi! Trying to create a textarea that accepts code submissions from users. Example:
```
/* A simple string copy */
#include <stdio.h>
#include <string.h>
int main(void)
{
char str[80];
strcpy(str, "copy str example");
puts(str);
return 0;
}
```
KSES strips the <stdio.h> elements completely, so how to keep them ?
Perhaps have a filter that encodes the < and > symbols found within ``` or code tags into the HTML encoded equivalents?
#include <stdio.h>
Has anyone done this before ? Maybe there's a simpler way .
Really we'd be happy to get the unfiltered textarea content in a filter, then it would be trivial to HTML encode before the KSES sweep.
Michael M answered 3 years ago
Where there's a will, there's a way ! So far, the combination of these 3 filters handles things: add_filter( 'pre_kses', 'modify_pre_kses_defaults', 10, 3 ); // apply htmlspecialchars() to the textarea content add_filter( 'frm_add_entry_meta', 'custom_change_field_value'); // apply htmlspecialchars_decode() to the textarea content add_filter( 'frm_new_post', 'form_new_or_edit', 10, 2); // apply htmlspecialchars_decode() to the textarea content The code content is filtered out with regex in each of those functions- like this: // If inside ``` code block, then return htmlspecialchars($string); $string = "the string from textarea content"; // the regex pattern $search = "/```(.*?)```/is"; // first look for all CODE tags and their content preg_match_all($search, $string, $matches); // now replace all the CODE tags and their content with a htmlspecialchars() content (or htmlspecialchars_decode) foreach($matches[1] as $match){ $replace = htmlspecialchars($match); // or htmlspecialchars_decode // now replace the previously found CODE block $string = str_replace($match, $replace, $string); } return $string;``` Unless some edge case pops up, this looks like a reasonable fix.
Argh. I give up. Trying to share the solution, but the forum formatting system is totally not having it 🙂
When you want to post code, use pastebin or gist and post the link.
Please login or Register to submit your answer
Staff replied 3 years ago
Is it an option to have user upload their code to something like pastebin and then the user inputs the URL for their code submission?
replied 3 years ago
Neat thought, but no. Needs to be handled through the single form / site.
Something like this hook might be handy in these cases, to toggle the frontend KSES: frm_allow_unfiltered_html ($formid, $fieldid, $loggedin_userid)
Even simpler might be a Formidable plugin that enables auto HTML encode/decode inside code blocks for posts and edits. This is probably only the
OR more generically a plugin that allows regex or find/replace filtering on text before KSES, and again on Edit ! Though I guess with a suitable filter hook just before the KSES, such a thing could be implemented by the users fairly simply, and probably me more versatile for many uses.
Seems like such a filter should exist and I'm missing something in the docs. Still reading.... !