Posted by Richard Davey on 07/09/05 21:08
Hello Greg,
Saturday, July 9, 2005, 6:40:06 PM, you wrote:
GD> The same regular expression magic that keeps you from forgetting your
GD> [/i] can just as easily keep you from forgetting your </i>.
The difference is the extra hoops your reg exps will have to jump
through, and have to jump through perfectly. You will have to disallow
all <'s and >'s, but do allow them for <i>, <b>, etc., etc. Then check
there has been nothing malicious inserted inside every one of those
tags in any shape or form, and all combinations thereof. I'm sorry, but
I fail to see how *having* to perform masses of flawless reg-ex
kung-fu is a good thing; in my mind it just widens the margin for
developer error, which is never a plus point.
It's horses for courses though; in the CMS I built for myself I allow
any damn thing I want ;) In the forum built for thousands of
teenagers, you'd have to be out of your mind to allow it. May as well
just give them your server reboot button while you're at it and ask
them not to touch.
Best regards,
Richard Davey
--
http://www.launchcode.co.uk - PHP Development Services
"I do not fear computers. I fear the lack of them." - Isaac Asimov
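The distinction Richard draws above, shown as an added example (this is not code from the thread, and it is in Python rather than the PHP the forum software would have used): escape everything the user typed first, then translate a closed set of BBCode tags into fixed HTML. The regex then never has to decide whether an HTML tag is safe, because no HTML survives step one. The `[url]` handler with its scheme allow-list and the `naive_tag_name_filter` function (the "allow raw tags, strip the bad ones" approach) are constructed here for illustration.

```python
import html
import re

# Closed set of simple BBCode tags and the literal HTML each becomes. The
# replacement markup is a constant in this table, so user input can never
# occupy a tag-name or attribute position in the output.
SIMPLE_TAGS = {
    "b": ("<b>", "</b>"),
    "i": ("<i>", "</i>"),
    "u": ("<u>", "</u>"),
}

# Only these URL schemes are allowed inside a [url=...] tag (assumed policy).
# Anything else is left as the (already escaped) literal text the user typed.
ALLOWED_SCHEMES = ("http://", "https://")

_URL_RE = re.compile(r"\[url=([^\]\s]+)\](.*?)\[/url\]", re.IGNORECASE | re.DOTALL)


def render_bbcode(text):
    """Escape all HTML first, then translate a fixed set of BBCode tags."""
    # Step 1: neutralise every <, >, &, " and ' the user typed. From here on
    # there is no HTML left to validate, so no regex has to "catch" a bad tag.
    out = html.escape(text, quote=True)

    # Step 2: [url=...]...[/url] is the one tag that carries an attribute, so
    # the attribute value is checked against the scheme allow-list. Quotes in
    # the URL were escaped in step 1, so the href attribute cannot be closed
    # early by user input.
    def url_sub(m):
        href, label = m.group(1), m.group(2)
        if not href.lower().startswith(ALLOWED_SCHEMES):
            return m.group(0)  # rejected: leave the escaped literal in place
        return '<a href="%s" rel="nofollow">%s</a>' % (href, label)

    out = _URL_RE.sub(url_sub, out)

    # Step 3: simple paired tags. A tag with no closing partner matches
    # nothing and stays as literal text, so the output is never left with an
    # unbalanced <i> or <b> (the "forgot your [/i]" case from the thread).
    for tag, (open_html, close_html) in SIMPLE_TAGS.items():
        pattern = re.compile(r"\[%s\](.*?)\[/%s\]" % (tag, tag),
                             re.IGNORECASE | re.DOTALL)
        out = pattern.sub(lambda m, o=open_html, c=close_html: o + m.group(1) + c, out)
    return out


def naive_tag_name_filter(text, allowed=("i", "b")):
    """The approach the post warns against: accept raw HTML and strip every
    tag whose *name* is not on the list. The name check passes, but whatever
    follows the name inside the tag rides along untouched."""
    def keep_or_drop(m):
        return m.group(0) if m.group(1).lower() in allowed else ""
    return re.sub(r"</?([a-zA-Z][a-zA-Z0-9]*)[^>]*>", keep_or_drop, text)


if __name__ == "__main__":
    # Constructed sample posts, as a forum user might type them.
    for sample in ("[b][i]hello[/i][/b]",
                   "[i]unclosed",
                   "[i]<b onclick=x>hi</b>[/i]",
                   "[url=http://example.com/?a=1&b=2]site[/url]"):
        print(repr(sample), "->", render_bbcode(sample))
    print(naive_tag_name_filter('<i onclick="x()">hi</i>'))
```

The safe version is short because its work is done by `html.escape`: every later step only ever rewrites characters that are already harmless into a handful of fixed strings. The naive filter, by contrast, has to be right about every tag, every attribute and every way of spelling them, which is the "flawless reg-ex kung-fu" the post objects to.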