<?xml version="1.0" encoding="utf-8"?><rss version="2.0"><channel><title>"Allow HTML" option</title><link>http://www.aspplayground.net/forum/</link><description /><copyright>(c) ASP Playground Support Forum</copyright><ttl>30</ttl><item><title>RE: RE: "Allow HTML" option (Samuel)</title><description>  Thanks Gene for your comment!&lt;img src="http://www.aspplayground.net/forum/upfiles/smiley/s1.gif" alt="" /&gt; &lt;br&gt;   &lt;br&gt;  I am not sure if you will be able to read this message (server will be down) so I will answer you as quickly as possible: &lt;br&gt;   &lt;br&gt;  &lt;blockquote class="quote"&gt;&lt;div style="width:50%;font-weight:bold; padding-bottom:4px;"&gt;&lt;/div&gt;1) Where exactly do you replace the double-quotes with the " phrase? &lt;/blockquote&gt;  &lt;br&gt;   &lt;br&gt;  It is in the SQLout function. &lt;br&gt;   &lt;br&gt;  &lt;blockquote class="quote"&gt;&lt;div style="width:50%;font-weight:bold; padding-bottom:4px;"&gt;&lt;/div&gt;2) Why do quotes get replaced with quotes-plus-spaces?&lt;/blockquote&gt; &lt;br&gt;   &lt;br&gt;  It is for search. See, without full-text indexing capability, you won't be able to search words that are surrounded by "". Like you can't search the word "ALOHA" (with quote). So I decided to add a space after each double quote and single quote and have my code perform the search on &lt;b&gt;space(1)+searched term&lt;/b&gt;. This is how we do search when you choose single byte character in the search interface. &lt;br&gt;   &lt;br&gt;  This is a very sophisticated way to prevent unwanted results. Like you don't want to see &lt;b&gt;readable&lt;/b&gt; when you just want to search &lt;b&gt;able&lt;/b&gt;, but what about &lt;b&gt;"able"&lt;/b&gt; (with quote)? &lt;br&gt;   &lt;br&gt;  The same applies to vbcrlf. You can try searching the word &lt;b&gt;able&lt;/b&gt; and you will know what I mean. 
&lt;br&gt;   &lt;br&gt;  &lt;blockquote class="quote"&gt;&lt;div style="width:50%;font-weight:bold; padding-bottom:4px;"&gt;&lt;/div&gt;3) Where are you replacing the vbcrlf with a &amp;lt;br&amp;gt;? &lt;/blockquote&gt;  &lt;br&gt;  It is in m_process.asp &lt;br&gt;   &lt;br&gt;  Again, thank you for your comment. I have tried my best to use the browser's JS capability to reduce server load. We can actually use RegEXP with VBScript, but it is way, way, way slower than JScript. And since today's PC has a lot more CPU power than before, why not use it?&lt;img src="http://www.aspplayground.net/forum/upfiles/smiley/s4.gif" alt="" /&gt; (my home PC has 2.2GHz CPU =&amp;gt; a lot more powerful than my current server) </description><link>http://www.aspplayground.net/forum/fb.ashx?m=373581</link><pubDate>Mon, 15 Jul 2002 00:26:57 GMT</pubDate></item><item><title>RE: "Allow HTML" option (gene)</title><description>  Okay, I've been dinking around with your code (and teaching myself Javascript and RegEx's in the process &lt;img src="http://www.aspplayground.net/forum/upfiles/smiley/s3.gif" alt="" /&gt;) and see why enabling HTML can be difficult on this forum.   I've done it, but I'm not totally satisfied, as I'm replacing all incidences of double-quotes in the "body" variable with single-quotes prior to passing it to pgdCode in m.asp and tm.asp.  &lt;br&gt;   &lt;br&gt;  Couple of questions:  &lt;br&gt;   &lt;br&gt;  1) Where exactly do you replace the double-quotes with the &lt;b&gt;&amp;&lt;/b&gt;&lt;b&gt;quot&lt;/b&gt;&lt;b&gt;;&lt;/b&gt; phrase?   &lt;br&gt;   &lt;br&gt;  2) Why do quotes get replaced with quotes-plus-spaces?  I have programmed around it, but am curious as to why you do this (I think it's in SQLIn and SQLOut). &lt;br&gt;   &lt;br&gt;  3) Where are you replacing the &lt;b&gt;vbcrlf&lt;/b&gt; with a &lt;b&gt;&amp;lt;br&amp;gt;&lt;/b&gt;?  
This is happening in some of my own internal table code within a post (for the countdown timers) except that it's happening on a &lt;b&gt;&amp;lt;tr&amp;gt;&lt;/b&gt; line and I would like to prevent this. &lt;br&gt;   &lt;br&gt;  BTW, I've come to the conclusion that this forum has the best design I've ever seen -- it is absolutely the least server intensive app while maintaining one of the most robust feature sets of all the ASP solutions around.  When you have Javascript parsing all the UBB/PGDCode, you *obviously* know what you're doing.  You've done a hell of a job, Samuel! &lt;img src="http://www.aspplayground.net/forum/upfiles/smiley/s2.gif" alt="" /&gt; &lt;br&gt;   &lt;br&gt;  Thanks for any help/insight you can provide, &lt;br&gt;   &lt;br&gt;  Gene </description><link>http://www.aspplayground.net/forum/fb.ashx?m=373580</link><pubDate>Mon, 15 Jul 2002 00:08:00 GMT</pubDate></item><item><title>RE: "Allow HTML" option (gene)</title><description>  I understand the security concern regarding Javascript but this is easily taken care of using search/replace functions.  For example, we had situations where people were using what I called "script images" for various "countdown timers" and these were calling CGI scripts on other servers which were causing pop-up ads to appear when people visited pages on our boards that had one of these script images embedded.  So we simply parsed all script images and replaced them with a standard graphic: &lt;br&gt;   &lt;br&gt;  &lt;div align="center"&gt;&lt;img src="http://www.tcoyf.com/forum/badimg.gif" /&gt;&lt;/div&gt; &lt;br&gt;   &lt;br&gt;  I also parsed out any Javascript or VBScript, as well. &lt;br&gt;   &lt;br&gt;  So while allowing any and all HTML is a security risk, if you parse it to remove any potentially harmful scripts first, it's not a problem. 
&lt;br&gt;   &lt;br&gt;  The only real hazard is when someone doesn't use table tags appropriately, as this messes up the layout of the page, but that's easily remedied by the moderators ("DELETE") &lt;img src="http://www.aspplayground.net/forum/upfiles/smiley/s4.gif" alt="" /&gt;. &lt;br&gt;   &lt;br&gt;   </description><link>http://www.aspplayground.net/forum/fb.ashx?m=373579</link><pubDate>Sun, 14 Jul 2002 17:29:39 GMT</pubDate></item><item><title>RE: "Allow HTML" option (Samuel)</title><description>  UPDATE = &amp;gt; &lt;br&gt;   &lt;br&gt;  Please see this post: &lt;a href="http://www.aspplayground.net/forum/fb.asp?m=373577" target="_blank"&gt;http://www.aspplayground.net/forum/fb.asp?m=373577&lt;/a&gt; </description><link>http://www.aspplayground.net/forum/fb.ashx?m=373578</link><pubDate>Sun, 14 Jul 2002 17:13:02 GMT</pubDate></item><item><title>"Allow HTML" option (gene)</title><description>  I know the perils of allowing HTML in posts, but we've done it for a couple of years without any major consequences and our users now expect it.  I know I can modify the code to allow it but thought it should be a standard option within the forum configuration area of the admin panel, as it is in many other board applications. &lt;br&gt;   &lt;br&gt;  Thanks! &lt;br&gt;   &lt;br&gt;  Gene </description><link>http://www.aspplayground.net/forum/fb.ashx?m=373570</link><pubDate>Sun, 14 Jul 2002 11:54:25 GMT</pubDate></item></channel></rss>