Smarty, BBCode, SafeHTML and Nofollow


We currently use the Smarty Template Engine. I chose this over writing a new one because Smarty is powerful, and sufficient for our needs. Ideally I would have been able to use something like Savant with sandboxed PHP but to my knowledge, no template engines use PHP syntax and provide a sandbox. Sandboxing would stop malicious template designers from executing code on the server.

Smarty has some pretty nice syntax and there are quite a few PHP applications which use it so anyone who has used them before should be familiar – if you haven’t, it’s no harder than other templating systems (arguably easier).


There are probably hundreds of forum software packages implementing BBCode, each in a slightly different way. I believe there are many problems with BBCode but people seem to like it after years of muscle memory. For those who like statistics, I gathered the popularity of each markup type from the Evolution Forums. BBCode is still used by around 10% of the community.

Markup        Objects    Users with Default Markup*
Markdown      43,573     34
BBCode        6,301      58
Plain Text    3,577      34
HTML          2,419      88
Textile       411        6

* Note: Markdown is the default content parser. Any users who haven’t set a default markup type in the options page will get Markdown by default. Markdown will therefore be under-represented by these statistics.

I didn’t want to create yet another variant of BBCode. The obvious candidates for inclusion in this software were phpBB’s BBCode Parser and PEAR::HTML_BBCodeParser. I couldn’t find my way around phpBB’s BBCode Parser, so for the moment, we use the PEAR variant. However, I’m not too happy with it and am on the lookout for an easily reusable BBCode Parser – preferably GPL licensed and not too BB-specific. If anyone has any ideas, I’d love to hear them.


SafeHTML or HTML_Safe is the amazing library I’m using for input filtering. This means the individual markup engines don’t have to check that the HTML they produce is safe (Markdown, for example, allows inline HTML by design). There is also a setting which allows us to turn SafeHTML on and off for different users, groups, whatever. As an added bonus, it should ensure that tags are nested correctly and does a semi-good job of making the output more XHTML-like.
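
The filter-after-rendering arrangement described above, shown as an added example in Python (not the author's code and not the SafeHTML library, which is PHP): one allowlist filter runs over whatever HTML a markup engine emits, so the engines themselves need no safety checks. The allowlist, the names OutputFilter and filter_html, and the sample string are assumptions made for this illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for this example; SafeHTML's own rules differ.
ALLOWED = {"p": (), "b": (), "i": (), "em": (), "strong": (),
           "blockquote": (), "code": (), "a": ("href",)}
DROP_WITH_CONTENT = {"script", "style"}
SAFE_URL = re.compile(r"\s*(?:https?|mailto):", re.I)  # absolute links only

class OutputFilter(HTMLParser):
    def __init__(self):
        super().__init__()
        self.out, self.open_tags, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED:
            return  # tag not emitted (text of unlisted tags is kept, escaped)
        kept = ""
        for name, value in attrs:  # href is the only attribute on the allowlist
            if name in ALLOWED[tag] and value and SAFE_URL.match(value):
                kept += f' {name}="{escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.open_tags:
            closed = None
            while closed != tag:  # close inner tags first to repair nesting
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def filter_html(rendered):
    f = OutputFilter()
    f.feed(rendered)
    f.close()
    while f.open_tags:  # close whatever the input left open
        f.out.append(f"</{f.open_tags.pop()}>")
    return "".join(f.out)

# Constructed sample: Markdown output carrying inline HTML from a post.
MARKDOWN_OUT = '<p>Hi<script>alert(1)</script> <a href="javascript:x()" onclick="x()">me</a></p>'
```

Because the filter only ever emits tags and attributes it recognises and escapes everything else, the same call can sit behind the BBCode, Markdown, Textile and raw HTML paths alike.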


rel=”nofollow” was a Google initiative designed to stop spam. There are many problems with nofollow. It is indeed true that bloggers have not noticed a decrease in spam with nofollow and the vast majority of blogging software now automatically marks everything with a nofollow. This great article on nofollow describes how nofollow did nothing to stop spam but actually helped the search engines in reducing “blog noise”.

For these reasons, I am not adding support for nofollow.

3 thoughts on “Smarty, BBCode, SafeHTML and Nofollow”

  1. Thanks for the link for SafeHTML. Good timing. I’ve read a lot about PEAR, and hope to actually understand what I read sometime in the future. I’ve got an idea of what PEAR does and how it can be very useful. I hope to utilise it one day.

  2. Sorry if it wasn’t clear; under-represented in the number of people who actually choose to have Markdown as the default, as they won’t change the preference and nothing is recorded in the DB. But yeah, it would be over-represented popularity-wise.
