Prevent images from displaying while loading with AnythingSlider

AnythingSlider is just another jQuery slider effect, except we can embed any content as it uses a semantic unordered list HTML (5) structure.

My recent client wanted a mixture of HTML, videos and images, which means you get the nasty flash of the UL elements whilst your browser renders the window. Apparently it's called Flash Of Unstyled Content (or FOUC). Whatever. It's called really annoying to me. So here is a bit of code that should be included in the default anythingslider.css but isn’t for some reason.


Removing WordPress plugin references

I’d like to remove all references that WordPress plugins put into my HTML code.
Am I selfish? Or just prudent about security?

Whilst I am in no way against plugin authors advertising themselves in the HTML code of any WordPress blogs I set up (for myself, i9000 Networks, or clients), I still feel a little concerned that the more devious of web users can instantly gain a list of plugins I use, to potentially exploit.


Yahoo Term Extractor

A recent project I was working on caused me to stumble over the Yahoo Term Extractor. Something I had previously never heard of – it is a very underrated tool.

The Term Extraction Web Service provides a list of significant words or phrases extracted from a larger content.

Making user inputted data safe

I like to use the PEAR library HTML_Safe to clean up any user input I collect from forms and such before saving to a database. (It is also downloadable separately from PixelApes).

It strips out any potentially dangerous HTML and code such as:

  • opening tag without its closing tag
  • closing tag without its opening tag
  • any of these tags: “base”, “basefont”, “head”, “html”, “body”, “applet”, “object”, “iframe”, “frame”, “frameset”, “script”, “layer”, “ilayer”, “embed”, “bgsound”, “link”, “meta”, “style”, “title”, “blink”, “xml” etc.
  • any of these attributes: on*, data*, dynsrc
  • javascript:/vbscript:/about: etc. protocols
  • expression/behavior etc. in styles
  • any other active content

It’s been stuck at 0.9.9 beta since 2005 but the oldies are the goodies (See qmail, 1 & 2).

Usage: say, for example, I want to make the $_GET['show'] variable, which is passed in the query string, safe:

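require_once 'HTML/Safe.php';

// Plain assignment: "=& new" is deprecated in PHP 5 and a parse error in PHP 7+.
$safehtml = new HTML_Safe();
// parse() returns the input with the dangerous markup listed above removed.
$show_safe = $safehtml->parse($_GET['show']);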

For a lazy, simple programmer it is simple to use, even with ADOdb’s AutoExecute() function, which I am using more and more recently:

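require_once 'HTML/Safe.php';

$safehtml = new HTML_Safe();

// Iterate by key so each cleaned value is written back to its own field
// (indexing $_POST by the value would create new, wrongly named entries).
foreach ($_POST as $key => $value) {
    $_POST[$key] = $safehtml->parse($value);
}

// $conn is an open ADOdb connection; the array keys are used as column names.
$insert_rs = $conn->AutoExecute('SOME_TABLE', $_POST, 'INSERT');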

Simple as.

It is also worth looking at HTML Purifier, which seems to be more recently updated.
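Passing the whole $_POST array means the request decides which fields are offered to AutoExecute(), and a field sent as an array reaches a sanitizer that expects a string. The following is an added example, not code from the original post or from HTML_Safe: build_row(), the column names, the sample request and the strip_tags() stand-in sanitizer are all assumptions made for illustration.

```php
<?php
/**
 * Build the row for AutoExecute() from request data (hypothetical helper):
 *  - only columns named in $allowed are kept, so the client cannot add fields;
 *  - non-string values (e.g. body[]=x arrays) are rejected;
 *  - $sanitize is applied to each kept value, which stays under its own key.
 */
function build_row(array $input, array $allowed, callable $sanitize): array
{
    $row = [];
    foreach ($allowed as $column) {
        if (!array_key_exists($column, $input)) {
            continue; // optional field was not submitted
        }
        $value = $input[$column];
        if (!is_string($value)) {
            throw new InvalidArgumentException("Field '$column' must be a string");
        }
        $row[$column] = $sanitize($value);
    }
    return $row;
}

// Stand-in sanitizer so the example runs without PEAR. With HTML_Safe:
//   $sanitize = function ($v) { $s = new HTML_Safe(); return $s->parse($v); };
$sanitize = function (string $v): string {
    return strip_tags($v);
};

// Constructed request: one expected field, one extra column, one array value.
$post = [
    'title'    => 'Hello <script>alert(1)</script>world',
    'is_admin' => '1',
    'body'     => ['unexpected', 'array'],
];

// Only 'title' survives; 'is_admin' never reaches the database layer.
$row = build_row($post, ['title'], $sanitize);
var_dump($row);
// $insert_rs = $conn->AutoExecute('SOME_TABLE', $row, 'INSERT');

// Allowing 'body' as well shows the array value being refused.
try {
    build_row($post, ['title', 'body'], $sanitize);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```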