Posted by Daniel Tryba on 05/25/05 21:04

In comp.lang.php ZeldorBlat <zeldorblat@gmail.com> wrote:
> I will allow you to strip out HTML tags, and even specify which tags
> you want to keep (i.e. <b>, <i>, <br>, etc.). It won't allow you to
> strip just external links, but it's a good start.


That would still allow for events to happen for these elements, it makes
it just a _little bit_ harder to abuse. IMHO it's better to use your own
markup tags (eg [i]italic[i]) and apply the transformation to <i>italic</i>
after escaping the contents.

• Next in forum: Re: Allow/Make safe html user comments
• Prev in forum: Re: PHP and framing a site.
• Thread view: Re: Allow/Make safe html user comments

[Reply to this message]