Hey, <clip> > > The typical way that forums handle this is to use what is called > > "BBCode". In short, you have a non-HTML way for users to supply .... > > [i]This text will be in italics.[/i] > > [b]This text will be in bold.[/b] </clip>
> If you're gonna allow the <i> tag then just allow it. There's no > point in allowing something else just to spend CPU cycles converting > it to what you could have allowed in the first place. It doesn't make > it more safe that way. Just clean out the stuff you don't want and be > done with it. > > define( 'ALLOWED_TAGS', > '<a><b><blockquote><br><cite><dd><div><dl><dt><ecode><em><i><li><ol><p><stro ng><tt><ul>' ); > > $string = strip_tags( $string, ALLOWED_TAGS ); The problem with this approach is if people dont close their tags properly (mistake or purpose) they can screw up your page.... eg <br blah blah blah blah <cite>something<cite> (no closing tag) my $0.2 Cheers, Ryan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
