I was hoping to solicit an opinion:
There are some text areas where HTML-savvy users could choose to
embolden their text or emphasize it by using HTML. But if I use
htmlspecialchars() or htmlentities(), then this is not possible, even
though it makes my site safer by eliminating any HTML-related characters
that could compromise the site (like img tags or trying to close the
textarea tag and execute code). But I have seen some sites
(admittedly running Slash, which is Perl and not PHP-based) that accept
certain tags.
Do sites do this by running htmlspecialchars() on their users' input,
and then running a custom function that does substr() on safe
entities, turning them back into true tags? Or is there some other
method of allowing only certain HTML tags? BTW, the substr() idea is
just something I came up with in the shower, and might not even properly
work or be efficient.
Thanks
Erik
Erik Price
Web Developer Temp
Media Lab, H.H. Brown
--
PHP General Mailing List (http://www.php.net/)
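The escape-then-restore approach asked about above, as an added example that is not part of the original post. It uses `preg_replace_callback()` instead of `substr()`; the function name `allow_basic_tags()` and the default tag list are assumptions for illustration.

```php
<?php
// Added example (not from the original post). allow_basic_tags() and the
// default tag list are assumptions chosen for illustration. Requires PHP 7.4+.
function allow_basic_tags(string $input, array $allowed = ['b', 'i', 'em', 'strong']): string
{
    // Step 1: neutralise all markup. Every <, >, &, " and ' becomes an entity,
    // so nothing the user typed can act as HTML after this line.
    $escaped = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    if (!$allowed) {
        return $escaped;
    }

    // Step 2: restore only bare tags such as "&lt;b&gt;" and "&lt;/b&gt;".
    // A tag carrying attributes (onclick=, style=, ...) does not match and stays escaped.
    $names = implode('|', array_map(fn($t) => preg_quote($t, '~'), $allowed));
    $open = []; // stack of allowed tags that are currently open

    $out = preg_replace_callback(
        '~&lt;(/?)(' . $names . ')&gt;~i',
        function (array $m) use (&$open): string {
            $tag = strtolower($m[2]);
            if ($m[1] === '') {            // opening tag
                $open[] = $tag;
                return "<$tag>";
            }
            if (end($open) === $tag) {     // closes the innermost open tag
                array_pop($open);
                return "</$tag>";
            }
            return $m[0];                  // stray or mis-nested close: leave escaped
        },
        $escaped
    );

    // Step 3: close whatever is still open so formatting cannot leak into the
    // rest of the page that embeds this text.
    while ($open) {
        $out .= '</' . array_pop($open) . '>';
    }
    return $out;
}

// Constructed sample inputs.
$samples = [
    'Plain <b>bold</b> and <em>emphasis</em>',
    '</textarea><img src="x.png">',
    '<b onclick="x()">attribute on an allowed tag</b>',
    '<b>never closed',
    'user typed the entity form: &lt;b&gt;',
];
foreach ($samples as $s) {
    echo allow_basic_tags($s), "\n";
}
```

Because `htmlspecialchars()` also escapes `&`, entity text the user types by hand becomes `&amp;lt;b&amp;gt;` and is never mistaken for a tag to restore.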