Remove all HTML tags - good idea for security, but bad for usability. You can remove active tags (script, object, applet, img, etc.) and not remove simple formatting (<b>, <i> etc.), but you must clear some attrs, for example onmouseover or onclick. I think also you don't want to see <table width="1000px"> or <font size="1000"> in comments ;) Other way - use some BB codes for formatting.
On Oct 27, 10:07 pm, cakeFreak <[EMAIL PROTECTED]> wrote:
> Hey guys,
>
> cheers for your suggestions!
>
> What about security?
> Should I strip out all html from comment messages, leave some stuff
> etc?
>
> Dan
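The allow-list approach the reply describes (keep a few formatting tags, drop active tags, clear event-handler and sizing attributes), written out as an added example that is not code from this thread or from CakePHP. It uses PHP's DOM extension; the function names and the allow-lists are this example's own choices, and the sample comment at the bottom is constructed.

```php
<?php
// Added example, not code from the thread or from CakePHP: an allow-list
// HTML sanitizer for user comments. It keeps a few formatting tags, drops
// active content, strips every attribute that is not explicitly allowed
// (so onclick/onmouseover/style/width/size all go), and only lets <a href>
// through with an http(s)/mailto or relative URL. Needs PHP's DOM extension.
// Function names and the allow-lists are this example's own choices.

// tag => attributes kept on that tag; any tag not listed is unwrapped
const COMMENT_ALLOWED_TAGS = [
    'b' => [], 'i' => [], 'em' => [], 'strong' => [], 'code' => [],
    'p' => [], 'br' => [], 'blockquote' => [],
    'a' => ['href'],
];
// Elements removed together with their content (script bodies etc. are
// not something a reader should see as text either).
const COMMENT_DROP_WITH_CONTENT = ['script', 'style', 'object', 'embed', 'applet', 'iframe'];

function comment_url_is_safe(string $url): bool
{
    // Browsers ignore control characters and whitespace inside a scheme,
    // so remove them before looking at it ("java\tscript:" must not pass).
    $probe = preg_replace('/[\x00-\x20\x7f]/', '', $url);
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $probe, $m)) {
        return in_array(strtolower($m[1]), ['http', 'https', 'mailto'], true);
    }
    return true; // relative URL, no scheme at all
}

function comment_clean_node(DOMNode $node): void
{
    // Snapshot the child list: we add and remove children while walking.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMElement) {
            $tag = strtolower($child->tagName);
            if (in_array($tag, COMMENT_DROP_WITH_CONTENT, true)) {
                $node->removeChild($child);
                continue;
            }
            if (!array_key_exists($tag, COMMENT_ALLOWED_TAGS)) {
                // Unknown tag (table, font, img, div, ...): keep its cleaned
                // children, drop the tag itself.
                comment_clean_node($child);
                while ($child->firstChild !== null) {
                    $node->insertBefore($child->firstChild, $child);
                }
                $node->removeChild($child);
                continue;
            }
            // Allowed tag: keep only allow-listed attributes, and href only
            // when its URL passes the scheme check.
            foreach (iterator_to_array($child->attributes) as $attr) {
                $name = strtolower($attr->name);
                $keep = in_array($name, COMMENT_ALLOWED_TAGS[$tag], true)
                    && ($name !== 'href' || comment_url_is_safe($attr->value));
                if (!$keep) {
                    $child->removeAttribute($attr->name);
                }
            }
            comment_clean_node($child);
        } elseif (!($child instanceof DOMText)) {
            // HTML comments and processing instructions: drop them.
            $node->removeChild($child);
        }
    }
}

function sanitize_comment_html(string $html): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // user HTML is rarely well-formed
    // The leading XML PI tells libxml the input is UTF-8; the wrapper <div>
    // gives the fragment a single root whose children we serialize.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>',
        LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $wrapper = $doc->getElementsByTagName('div')->item(0);
    if ($wrapper === null) {
        return '';
    }
    comment_clean_node($wrapper);

    $out = '';
    foreach ($wrapper->childNodes as $child) {
        $out .= $doc->saveHTML($child);     // text nodes come back entity-escaped
    }
    return $out;
}

// Constructed sample carrying the things the thread worries about.
$sample = '<b onclick="alert(1)">bold</b> <script>alert(1)</script>'
    . '<table width="1000px"><tr><td>cell</td></tr></table>'
    . '<font size="1000">huge</font> <a href="javascript:alert(1)">bad</a> '
    . '<a href="https://example.com/">fine</a>';
echo sanitize_comment_html($sample), PHP_EOL;
```

Run on the sample, the onclick attribute, the script element and its body, the table and font markup and the javascript: href are all removed, while the bold text, the plain text inside the table and font tags, and the https link survive. Two things worth keeping in mind: the check works on the parsed DOM, so entity-encoded tricks in the href are already decoded before the scheme check sees them, and a real deployment is usually better served by a maintained library (HTML Purifier does exactly this kind of allow-listing) than by a hand-rolled walker. The BB code route the reply mentions sidesteps HTML parsing entirely: store the comment as plain text, escape everything with htmlspecialchars() on output, then translate the handful of BB tags into markup afterwards.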
