You also have to consider the possibility that someone can submit HTML that has tags with no corresponding ending tags. This could wreak havoc with your layout. You can fix this by using an HTML parser to find any open tags and emit closing tags.
Or, you could save yourself a lot of trouble and use safehtml. Safehtml also filters other dangerous content.

http://pixel-apes.com/safehtml/

Bob wrote:

>Hi Feris,
>
>$allowed_tags = "<b><strong><ul><li>"; //etc
>$text = strip_tags($text, $allowed_tags);
>
>or use:
>
>$text = strip_tags($text); //remove all tags
>
>or do you just want to remove <script> tags?
>It depends on what you're going to do with it.
>
>----- Original Message -----
>From: "Feris Thia" <[EMAIL PROTECTED]>
>
>>I currently develop CMS using web-based Rich Text Editor which then
>>can contain some HTML tags. These tags only for formatting usages. When
>>I submit the form, do I have any PHP functions filtering any harmful
>>code that may exist? Such as javascript code bla bla bla :)
>
>Community email addresses:
>  Post message: php-list@yahoogroups.com
>  Subscribe:    [EMAIL PROTECTED]
>  Unsubscribe:  [EMAIL PROTECTED]
>  List owner:   [EMAIL PROTECTED]
>
>Shortcut URL to this page:
>  http://groups.yahoo.com/group/php-list
>Yahoo! Groups Links

--
---------------------------------
* Brandon Smith
* programmer / web designer
* http://sproutworks.com
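An allowlist filter along the lines discussed in this thread, as an added example that is not part of any poster's message and is not safehtml's code: it uses PHP's bundled DOM extension, keeps only the tags from the quoted `$allowed_tags` list, drops every attribute (`strip_tags` leaves attributes on the tags it allows), and lets the parser close tags left open. The function names and the sample input are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical;
// the tag allowlist is the one quoted in Bob's reply.
const ALLOWED_TAGS = ['b', 'strong', 'ul', 'li'];

function clean_children(DOMNode $parent): void
{
    // Snapshot the children: the live list changes while nodes are moved or removed.
    foreach (iterator_to_array($parent->childNodes) as $child) {
        if ($child->nodeType === XML_TEXT_NODE) {
            continue;                                  // plain text is escaped on output
        }
        $name = strtolower($child->nodeName);
        if (!($child instanceof DOMElement) || $name === 'script' || $name === 'style') {
            $parent->removeChild($child);              // comments, CDATA, script/style and their content
            continue;
        }
        clean_children($child);                        // clean descendants first
        if (in_array($name, ALLOWED_TAGS, true)) {
            while ($child->attributes->length > 0) {   // drop every attribute (event handlers, style, ...)
                $child->removeAttributeNode($child->attributes->item(0));
            }
        } else {
            while ($child->firstChild) {               // unwrap: keep the content, lose the tag
                $parent->insertBefore($child->firstChild, $child);
            }
            $parent->removeChild($child);
        }
    }
}

function sanitize_rich_text(string $html): string
{
    $previous = libxml_use_internal_errors(true);      // malformed input is expected here
    $doc = new DOMDocument();
    // The parser closes tags left open; the <div> wrapper guarantees a <body> to walk.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $body = $doc->getElementsByTagName('body')->item(0);
    clean_children($body);                             // the wrapper <div> is unwrapped like any other tag
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($body->childNodes)));
}

// Constructed sample input: attribute on an allowed tag, unclosed tags, a script block.
$input = 'Hi <b onmouseover="alert(1)">bold <ul><li>one<li>two <script>alert(2)</script>';
echo strip_tags($input, '<b><strong><ul><li>'), "\n"; // attribute kept, tags still open
echo sanitize_rich_text($input), "\n";                // attributes gone, tags balanced
```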