Probably the easiest way there is:

use h() for printing out the content of the comment
it will make all special characters useless

by the way:
use a captcha behaviour for those bots
and you should be fine

I even experimented with passive captchas
not visible to the user and therefore not annoying
but very effective against bots!


On 15 Nov., 00:56, Miles J <mileswjohn...@gmail.com> wrote:
> Well then that's your fault for allowing HTML. Either strip the HTML
> completely or use a BB code system.
>
> http://www.milesj.me/resources/script/decoda
>
> On Nov 14, 3:00 pm, David Roda <davidcr...@gmail.com> wrote:
>
> > can they post php tags too?
>
> > I would be very scared of something like <?php unlink("/"); ?>
>
> > On Sat, Nov 14, 2009 at 4:55 PM, thankyou <gregbo...@gmail.com> wrote:
> > > I do currently use captcha but it's obviously not sufficient.  People
> > > can still post <a href ... links.
>
> > > On Nov 14, 4:00 pm, Miles J <mileswjohn...@gmail.com> wrote:
> > > > It seems you're not doing any validation or filtering, that's a problem
> > > > with your app, not the spam. Try adding a captcha or a spam blocker.
>
> > > >http://www.milesj.me/resources/script/commentia-behavior
>
> > > > On Nov 14, 12:31 pm, LancerForHire <lancerforh...@gmail.com> wrote:
>
> > > > > If they are able to post raw html to show nude pictures I can only
> > > > > imagine what else they can do :(
>

--

You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To post to this group, send email to cake-...@googlegroups.com.
To unsubscribe from this group, send email to 
cake-php+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=.
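As an added illustration of the advice above (escape comment text on output with h(), or strip the HTML entirely), here is a small stand-alone PHP script. It is not code from the thread or from CakePHP: the h() defined here is a local stand-in that mirrors what CakePHP's h() helper does (htmlspecialchars with ENT_QUOTES), and the sample comments are constructed to resemble the spam described in the thread.

```php
<?php
// Added example, not from the thread. Shows what output escaping does to
// user-supplied comment text versus echoing it raw, plus the tag-stripping
// alternative mentioned in the replies.

declare(strict_types=1);

/**
 * Local stand-in for CakePHP's h() helper (an assumption, not the real helper):
 * escape text so it is rendered as text inside HTML. ENT_QUOTES also escapes
 * single and double quotes, so the result is safe inside attribute values too.
 */
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

/** The other option from the thread: drop all HTML (and PHP) tags. */
function stripHtml(string $text): string
{
    return strip_tags($text);
}

/** Unsafe rendering, shown only for contrast: markup in the comment is kept live. */
function renderUnsafe(string $comment): string
{
    return '<p class="comment">' . $comment . '</p>';
}

/** Safe rendering: every special character becomes an entity, so tags are inert. */
function renderEscaped(string $comment): string
{
    return '<p class="comment">' . h($comment) . '</p>';
}

/** Strip tags first, then still escape what is left (strip_tags alone is not an escaper). */
function renderStripped(string $comment): string
{
    return '<p class="comment">' . h(stripHtml($comment)) . '</p>';
}

// Constructed sample comments of the kind the thread complains about.
$samples = [
    'Nice post! <a href="http://example.invalid/spam">click here</a>',
    'Look: <img src="http://example.invalid/picture.jpg">',
    'Hello <?php unlink("/"); ?> world',
];

foreach ($samples as $comment) {
    echo 'unsafe:   ', renderUnsafe($comment), PHP_EOL;
    echo 'escaped:  ', renderEscaped($comment), PHP_EOL;
    echo 'stripped: ', renderStripped($comment), PHP_EOL, PHP_EOL;
}
```

Run it with `php escape_demo.php`. The escaped line shows the link and image markup as visible text (`&lt;a href=...`), which is what h() on output achieves; the stripped line shows the markup removed instead. Note that the third sample is rendered as plain text either way: a stored string containing `<?php` is only data unless the application goes out of its way to eval or include it, so the real risk in the thread is the raw HTML, which is exactly what escaping on output neutralizes.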