Secure Auto-Link Maker

Description: A more secure version of the link conversion code, which passes the matched URL through htmlentities() and will hopefully make cross-site scripting (XSS) attacks more difficult.

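<?php

// Convert bare http:// URLs in $str into HTML links. The matched URL is
// escaped so it cannot close the href attribute or inject markup.
// Text outside the match is returned unchanged.
function convert_links($str) {
    // preg_replace_callback replaces the /e modifier, which evaluated the
    // replacement as PHP code and was removed in PHP 7.0.
    return preg_replace_callback('#(http://)([^\s]*)#', function ($m) {
        $url = htmlentities($m[1] . $m[2], ENT_QUOTES, 'UTF-8');
        return '<a href="' . $url . '">' . $url . '</a>';
    }, $str);
}

?>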
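
What the escaping step changes, shown as an added example that is not the original author's code: the same pattern is applied with and without htmlentities() to one constructed input. The function names `linkify_unescaped` and `linkify_escaped` and the sample string are hypothetical.

```php
<?php
// Added example, not the original author's code. Function names and the
// sample input are constructed for illustration.

// Linkifier without escaping: the matched text is copied into the markup as-is.
function linkify_unescaped(string $str): string {
    return preg_replace('#(http://)([^\s]*)#', '<a href="$1$2">$1$2</a>', $str);
}

// Linkifier that escapes the match before placing it in the attribute and body.
function linkify_escaped(string $str): string {
    return preg_replace_callback('#(http://)([^\s]*)#', function (array $m): string {
        $url = htmlentities($m[1] . $m[2], ENT_QUOTES, 'UTF-8');
        return '<a href="' . $url . '">' . $url . '</a>';
    }, $str);
}

// Constructed input: [^\s]* accepts quotes and angle brackets as part of the "URL".
$input = 'see http://example.com/"onmouseover="alert(1) for details';

$unsafe = linkify_unescaped($input);
$safe   = linkify_escaped($input);

// Unescaped: the quote closes href early and the rest becomes a new attribute.
assert(strpos($unsafe, 'href="http://example.com/"onmouseover="alert(1)"') !== false);

// Escaped: the quote is emitted as &quot; so the href value stays in one piece.
assert(strpos($safe, 'href="http://example.com/&quot;onmouseover=&quot;alert(1)"') !== false);
assert(strpos($safe, '"onmouseover=') === false);

echo $unsafe, PHP_EOL, $safe, PHP_EOL;
```

Only the matched URL is escaped in either function; the surrounding text still needs its own output encoding before it is placed in a page.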
