On 4/9/07, Joel Watson <[EMAIL PROTECTED]> wrote:
>
> Also, how will these change if I use the TinyMCE rich text editor?

The most important thing to remember when using ANY rich text editor is that you can paste in just about anything - even if you don't have the toolbars enabled. Table tags, script tags, object/embed tags, etc. It's really pretty easy to do.

That being said... if you're going to allow the use of a rich text editor, make sure you have a good UDF to strip *ALL* tags that you don't specifically allow for. You'll also want to strip *ALL* JavaScript event attributes of all tags... onmouseover, onclick, etc... and prevent the use of javascript: URLs if you allow anchors, etc.

Rick

--
CFMBB - Coldfusion Message Boards, Version 1.21 Now Available!
http://www.cfmbb.org

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:274857

