Actually i think in the latest release v3.2.4 might need a patch in
BOLTdomarkup:
after line
$out = str_replace('$', '$', $out);
add line
$out = str_replace('<', '<', $out);
without it you can get active javascript if the text has <script>.... as
content.
I really hate suggesting a 'replacing patch' like this, but
htmlspecialchars() at that point does do more damage than good, and i have
not figured out how to avoid that.
~Hans
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"BoltWire" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/boltwire?hl=en
-~----------~----~----~----~------~----~------~--~---
