> > > > B - I've seen literaure which says servers should > > block " < > " ' ; ( ) + - " characters. If one has not > > blocked all these types what are the implications > > (i.e., if only <> types are blocked) ? > >while "<" and ">" are the first nessasary step... those >other special characters can sometimes used to >modify HTML in other instances. All in all they are >just a good idea to filter so users arent messed with.
Not only HTML tags but also unix redirections: >> , >, << , < Alex mailto:[EMAIL PROTECTED] http://www.podergeek.com/ http://www.citfi.org ------------------------------------------------------ "The further backward you look, the further forward you can see" Winston Churchill "Access is GOD..."