On 1/12/06, Simon Willison <[EMAIL PROTECTED]> wrote:
> Thinking about this further, it could result in a security hole. If a
> filter that removes dangerous markup failed silently and that markup
> was spewed on to a page it could lead to an XSS vulnerability.

I would hope that the author of such a filter would take the "return an empty string" option; if you can't securely filter the output, it'd be better not to output at all.

--
"May the forces of evil become confused on the way to your house."
  -- George Carlin
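
As an added illustration (not part of the original thread), the Python sketch below contrasts the two failure policies discussed above: a filter error that is swallowed and lets the raw value through, and one that yields an empty string. The filter `remove_dangerous_markup`, the two render helpers, the allowlist, the `Comment` class and the sample input are all hypothetical and constructed for this example.

```python
import html
from html.parser import HTMLParser

ALLOWED_TAGS = {"b", "i", "em", "strong", "p"}  # assumed allowlist

class _Allowlist(HTMLParser):
    """Keeps allowlisted tags without attributes; escapes all text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")
    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(html.escape(data))

def remove_dangerous_markup(value):
    """Hypothetical filter: raises TypeError for anything that is not str."""
    if not isinstance(value, str):
        raise TypeError(f"expected str, got {type(value).__name__}")
    parser = _Allowlist()
    parser.feed(value)
    parser.close()
    return "".join(parser.out)

def render_fail_silent(value):
    """Filter error is swallowed and the unfiltered value is emitted."""
    try:
        return remove_dangerous_markup(value)
    except Exception:
        return str(value)  # the markup reaches the page untouched

def render_fail_closed(value):
    """Filter error produces an empty string instead of any output."""
    try:
        return remove_dangerous_markup(value)
    except Exception:
        return ""

class Comment:  # constructed sample: an object whose text form carries markup
    def __init__(self, body):
        self.body = body
    def __str__(self):
        return self.body

SAMPLE = "<b>hi</b><script>alert(1)</script>"  # constructed input
```

Passing `Comment(SAMPLE)` makes the filter raise, so `render_fail_silent` returns the markup unchanged while `render_fail_closed` returns an empty string.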
