Posted by Steven Saunderson on 09/25/07 06:20
On Mon, 24 Sep 2007 16:42:07 -0400, Harlan Messinger
<hmessinger.removethis@comcast.net> wrote:
> Steven Saunderson wrote:
> > Assuming that HTML comments are not allowed inside tags could you try
> > putting <!-- > --> after the user input. This should fix an open tag
> > but not necessarily an open element.
> >
> Is that effective when there's an open single or double quote delimiting
> an attribute value?
Good point; it probably won't work. I suppose the OP will have to
validate everything or change all < to <.
--
Steven
Navigation:
[Reply to this message]
|