Thanks Leonardo

On a different forum, it was mentioned that a user could XSS by
entering <script type="text/javascript">alert('hello');</script> into
a field. Should I set the default to text() instead of html() to get
around this or should I try and filter out any script tags?

Rik


2008/11/20 Leonardo K <[EMAIL PROTECTED]>:
> Interesting idea. Great plugin
>
> On Thu, Nov 20, 2008 at 08:29, <[EMAIL PROTECTED]> wrote:
>>
>> Hi guys,
>>
>> I've just finished my new plug-in called magicpreview:
>>
>> http://rikrikrik.com/jquery/magicpreview/
>>
>> It's for use in forms and it automagically updates selected elements
>> on your page based on your form fields. Perfect for letting your users
>> see what they're doing when filling in forms. There's a couple of
>> demos on my site too.
>>
>> I'd love to hear your feedback and comments on my plug-in.
>>
>> Thanks,
>> Rik
>



-- 
Rik Lomas
http://rikrikrik.com
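
An added example, not part of the thread and not magicpreview's own code, comparing the two options raised in the question: filtering out script tags versus encoding the value the way a text() insert treats it. The function names and the sample field values other than the script payload quoted above are assumptions made for illustration.

```javascript
// Added example; every function name here is hypothetical.

// Characters that are significant in HTML text and attribute contexts.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the value so a browser displays it instead of parsing it.
// jQuery's .text() reaches the same outcome by inserting a text node.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Deny-list approach from the question: remove <script> elements only.
function stripScriptTags(value) {
  return String(value).replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, '');
}

// True if an html()-style sink would still parse part of the string as markup.
function containsMarkup(value) {
  return /<[a-z!\/]/i.test(value);
}

// Sample field values. The first is the payload quoted in the thread;
// the others are constructed for this example.
const samples = [
  `<script type="text/javascript">alert('hello');</script>`,
  `Rik <b>Lomas</b>`, // markup that contains no script tag
  `Tom & Jerry`,      // plain text with a character that needs encoding
];

// Run both approaches over each value and report what survives.
function compare(values) {
  return values.map((v) => {
    const filtered = stripScriptTags(v);
    const escaped = escapeHtml(v);
    return {
      input: v,
      filtered,
      filteredStillMarkup: containsMarkup(filtered),
      escaped,
      escapedStillMarkup: containsMarkup(escaped),
    };
  });
}

console.log(compare(samples));
```

The filter only removes what it names, so any other tag or attribute in the field still reaches html() as live markup, while the encoded value never contains a parsable tag.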
