Tom Chiverton wrote:
> I didn't see the start of the thread, so this may have been addressed - but
> why are you letting your users enter HTML ?

That's not the sole purpose. In fact, I'm trying to "sanitize" HTML emails being viewed in a webmail application.

> Either give them a WYSIWYG DHTML editor with no 'alter source' option

Just FYI, that doesn't work because even if you disable the ability to edit source directly, users can still paste in undesirable stuff. Not really relevant to my case, but don't be fooled into thinking you're safe by disabling the alter source option.

> , or have
> them use BBCode or similar instead and replace all < and > with an escaped
> version.

Again, not relevant in this case. That is exactly what I do with CFMBB.

Rick

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:262042

