Russ wrote:
>
> Everything works nicely from a display perspective. In order to be
> safe, secure and prevent anyone from entering junk into our
> comments--such as unclosed HTML tags or other junk that could "break"
> the site, I have set the following:
>
> <CFSET commentOutput =
> "#Replace(commentPost,strCRLF,strHTMLCRLF,'all')#">
>
> THEN, because I thought I was wise, I did the following:
>
> #ReReplace(commentOutput,"<[^>]*>"," ","all")#
>
> This is an attempt to strip out any HTML that anyone ELSE might put in,
> failing to realize that I'd just stripped out my own HTML that I wanted
> to place in there. I am taking a guess that I'd have to get rid of the
> "all" in my ReReplace, but I'm not entirely sure how that'd work nor am
> I sure that's the right path.
>
> Can anyone offer any insight?

Switch the order. First strip ALL HTML (it is theirs), then add your own.

Jochem
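
The reordering suggested in the reply, as an added CFML example that is not part of the original thread. It reuses `commentPost`, `strCRLF` and `strHTMLCRLF` from the question; the sample comment text, the `<br>` value and the other variable names are assumptions, and the last variant goes beyond the thread by encoding the input with `HTMLEditFormat` instead of stripping it.

```cfml
<!--- Added example. commentPost, strCRLF and strHTMLCRLF are the names used in the question;
      their values here and the sample comment text are constructed. --->
<cfset strCRLF = Chr(13) & Chr(10)>
<cfset strHTMLCRLF = "<br>">
<cfset commentPost = "Nice post <b>unclosed bold" & strCRLF & "<table><tr>second line">

<!--- Order from the question: our <br> is inserted first, then the regex removes it
      together with the visitor's tags, so the line break is lost. --->
<cfset wrongOrder = Replace(commentPost, strCRLF, strHTMLCRLF, "all")>
<cfset wrongOrder = REReplace(wrongOrder, "<[^>]*>", " ", "all")>

<!--- Order from the reply: strip while the string still holds only the visitor's input,
      then add our own markup, which nothing touches afterwards. --->
<cfset stripped = REReplace(commentPost, "<[^>]*>", " ", "all")>
<cfset commentOutput = Replace(stripped, strCRLF, strHTMLCRLF, "all")>

<!--- Alternative (assumption, not from the thread): encode instead of strip, so the
      visitor's "<" and ">" are displayed as text. This also covers a "<" with no
      closing ">", which the tag regex leaves in place. Line endings are normalised
      to LF before encoding and turned into <br> afterwards. --->
<cfset encoded = HTMLEditFormat(Replace(commentPost, strCRLF, Chr(10), "all"))>
<cfset encodedOutput = Replace(encoded, Chr(10), strHTMLCRLF, "all")>

<cfoutput>
<p>Question's order: #wrongOrder#</p>
<p>Reply's order: #commentOutput#</p>
<p>Encoded: #encodedOutput#</p>
</cfoutput>
```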

