Ya know, I guess you really have to think like a hacker. You would think blocking 
bad tags was enough.

I guess the only way to provide a WYSIWYG such as tinyMce would be to offer it 
to trusted users only, like moderators or administrators, but for regular members 
they should only use BBML, or just offer them line breaks. 

>As a general rule, yes. Providing HTML editing in any publicly accessible
>part of a web app is one of those "bad things" you typically want to avoid.
>Here's just one example of why:
>
>http://www.betanews.com/article/CrossSite_Scripting_Worm_Hits_MySpace/1129232391
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:233256
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
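The BBML-only route suggested above, as an added example (not code from the original post or the list): escape everything the member typed first, then translate a small fixed set of BBCode-style tags back into HTML, so no raw tag or attribute from the poster ever reaches the page. The allowed tag set, the http(s)-only link rule and the sample inputs are assumptions for illustration.

```python
import html
import re
from typing import Optional
from urllib.parse import urlparse

# Assumed allow-list: only these BBCode tags are ever turned into HTML, and
# each maps to a fixed element with no attributes the poster can influence.
_SIMPLE_TAGS = {"b": "strong", "i": "em", "u": "u"}
_SAFE_SCHEMES = {"http", "https"}


def _safe_href(raw: str) -> Optional[str]:
    """Return the URL only if it is an absolute http(s) link; anything else
    (javascript:, data:, vbscript:, relative paths) is rejected."""
    candidate = raw.strip()
    parsed = urlparse(candidate)
    if parsed.scheme.lower() in _SAFE_SCHEMES and parsed.netloc:
        return candidate
    return None


def bbcode_to_html(text: str) -> str:
    # Step 1: escape first. Any HTML the member typed becomes inert text,
    # so there is no blacklist of "bad tags" to get wrong.
    out = html.escape(text, quote=True)

    # Step 2: re-introduce only the allow-listed inline tags.
    for bb, tag in _SIMPLE_TAGS.items():
        out = re.sub(rf"\[{bb}\](.*?)\[/{bb}\]", rf"<{tag}>\1</{tag}>",
                     out, flags=re.S | re.I)

    # Step 3: [url=...]label[/url]. The href is unescaped, validated, then
    # escaped again so it cannot break out of the attribute.
    def link(m: "re.Match[str]") -> str:
        href = _safe_href(html.unescape(m.group(1)))
        label = m.group(2)
        if href is None:
            return label  # keep the visible text, drop the unsafe link
        return (f'<a href="{html.escape(href, quote=True)}" rel="nofollow">'
                f"{label}</a>")

    out = re.sub(r"\[url=(.+?)\](.*?)\[/url\]", link, out, flags=re.S | re.I)

    # Step 4: the "just offer them line breaks" part.
    return out.replace("\n", "<br>\n")
```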
