Interesting tag... However, if you are allowing HTML input, the best technique is to establish a list of allowable tags and then remove everything else. Trying to come up with a comprehensive list of bad tags to disallow is nearly impossible.
Andrew

> I just stumbled across the safeText function over at cflib.org -
> http://www.cflib.org/codeView.cfm?ID=56
>
> Any views on how suitable this is for XSS protection (not SQL injection)?
>
> --
> Mark Stanton
> Gruden Pty Ltd
> http://www.gruden.com

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:249359
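The allowlist approach Andrew describes, as an added example that is not code from this thread or from cflib.org's safeText: a Python sanitizer that keeps only listed tags, re-escapes all text, and (a caveat the thread does not spell out) also allowlists attributes per tag, since an allowed tag can still carry an event-handler attribute. The tag and attribute lists and the sample input are assumptions constructed for the example.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for the example: tags/attributes the application permits.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
# Only plain navigational URLs survive on href; relative paths without a
# leading slash are also dropped under this (deliberately strict) policy.
SAFE_HREF_PREFIXES = ("http://", "https://", "mailto:", "/")
# Tags whose text content is discarded along with the tag itself.
DROP_CONTENT_TAGS = {"script", "style"}


class AllowlistSanitizer(HTMLParser):
    """Emits only allowlisted tags/attributes; every text node is re-escaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
        self.dropping = 0  # nesting depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self.dropping += 1
            return
        if self.dropping or tag not in ALLOWED_TAGS:
            return  # unknown tag is removed; its text content is kept
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue  # drops on* handlers, style=, and anything unlisted
            if name == "href" and not value.strip().lower().startswith(SAFE_HREF_PREFIXES):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.parts.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self.dropping = max(0, self.dropping - 1)
        elif not self.dropping and tag in ALLOWED_TAGS and tag != "br":
            self.parts.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.dropping:
            self.parts.append(escape(data, quote=False))


def sanitize(html_input: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(html_input)
    parser.close()
    return "".join(parser.parts)


# Constructed sample input: an event handler on an allowed tag, a script
# block, and a tag outside the allowlist.
SAMPLE = '<p onclick="x()">Hi <b>there</b><script>evil()</script><div>ok</div>'
```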

