--- "John W. Holmes" <[EMAIL PROTECTED]> wrote:
> I disagree. I think stripping HTML from my text is a horrible thing. If
> I want to put a <b> in my text, then use htmlentities() and show me a
> <b> when I look at it. Obviously you don't want to "evaluate" HTML, but
> the end result should be that I should see exactly what I typed into the
> text box.
Excellent point.
> If you need to allow formatted text, then use something like BBcode
> where you can specify exactly what is allowed.
Maybe there is something I'm missing, but I have always hated these alternative
markup languages like "BBcode" that seem to offer no benefit over HTML. If you
want to allow the <b> tag to be evaluated, you can do something like this after
you use htmlentities():
$blah = str_replace('<b>', '<b>', $blah);
$blah = str_replace('</b>', '</b>', $blah);
Of course, if people want the <b> to appear exactly as they type it, they would
either have to use <b>, or you would have to let them choose an option as
to whether they want to use HTML (much like slash code does).
Chris
=====
Become a better Web developer with the HTTP Developer's Handbook
http://httphandbook.org/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
