Thanks Leonardo

On a different forum, it was mentioned that a user could XSS by entering <script type="text/javascript">alert('hello');</script> into a field. Should I set the default to text() instead of html() to get around this or should I try and filter out any script tags?

Rik

2008/11/20 Leonardo K <[EMAIL PROTECTED]>:
> Interesting idea. Great plugin
>
> On Thu, Nov 20, 2008 at 08:29, <[EMAIL PROTECTED]> wrote:
>>
>> Hi guys,
>>
>> I've just finished my new plug-in called magicpreview:
>>
>> http://rikrikrik.com/jquery/magicpreview/
>>
>> It's for use in forms and it automagically updates selected elements
>> on your page based on your form fields. Perfect for letting your users
>> see what they're doing when filling in forms. There's a couple of
>> demos on my site too.
>>
>> I'd love to hear your feedback and comments on my plug-in.
>>
>> Thanks,
>> Rik
>

--
Rik Lomas
http://rikrikrik.com
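
The two options raised in the message above, compared side by side. This is an added example, not part of the original thread and not code from the magicpreview plugin. The function names and the sample inputs other than the quoted script string are constructed for illustration, and escapeHtml() stands in for the effect of inserting with text() so the comparison runs without a DOM.

```javascript
// Option 1: treat field input as text. Every markup character becomes an
// entity, so a preview built with .html(escapeHtml(v)) shows the input
// literally, which is the effect .text(v) has.
function escapeHtml(value) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Option 2: a blocklist that removes <script>...</script> blocks and any
// stray script tags, then passes the rest on to .html() unchanged.
function stripScriptTags(value) {
  return String(value)
    .replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, '')
    .replace(/<\/?script\b[^>]*>/gi, '');
}

// True if the string would still be parsed as markup by .html().
function containsMarkup(value) {
  return /<[a-z!\/]/i.test(value);
}

function compare(input) {
  const filtered = stripScriptTags(input);
  const escaped = escapeHtml(input);
  return {
    input,
    filtered,
    filteredStillMarkup: containsMarkup(filtered),
    escaped,
    escapedStillMarkup: containsMarkup(escaped),
  };
}

const samples = [
  'Rik & co',                                                  // constructed: plain text
  '<script type="text/javascript">alert(\'hello\');</script>', // the string quoted in the thread
  // Constructed: no script tag at all. The filter only looks for script tags,
  // so every other element and its attributes reach .html() untouched.
  '<a href="https://example.invalid/">click</a>',
];

for (const s of samples) console.log(compare(s));
```

The filter handles the one string it was written for and nothing else, while the escaped output never contains markup, which is why text() is the safer default for a preview of user input.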