If HTML is not allowed, it's better to escape the value instead of stripping out content that resembles HTML.
--
*Hector Virgen*
Sr. Web Developer
Walt Disney Parks and Resorts Online
http://www.virgentech.com

On Mon, Oct 25, 2010 at 9:29 AM, robert mena <[email protected]> wrote:

> Hi,
>
> I'd like to know if it is safe to filter XSS using Zend_Filter_Tags if none of
> my fields is supposed to receive any HTML.
>
> I read somewhere (at padraic's blog?) that for more sophisticated filtering
> (like allowing certain tags/attributes) Zend_Filter_Tags is not the option.
>
> Regards.
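The escape-versus-strip point from the reply above, as an added example that is not part of the original thread. It uses PHP's built-in `strip_tags()` as a stand-in for a tag-stripping filter and a hypothetical helper `e()` for output escaping; the sample inputs are constructed.

```php
<?php
// Added example: compare stripping tags with escaping at output time.
// strip_tags() stands in for a tag-stripping filter; e() is a hypothetical helper.

/** Escape a value for HTML text and quoted-attribute contexts. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs for a field that is not supposed to contain HTML.
$samples = [
    'price <5 and >2',        // legitimate text that resembles a tag
    'Tom & Jerry',            // bare ampersand
    'x" data-injected="1',    // no tags, but breaks out of a quoted attribute
    '<b>bold</b> name',       // actual markup
];

foreach ($samples as $raw) {
    $stripped = strip_tags($raw);

    // Stripping is lossy: report when user text was changed or discarded.
    $changed = ($stripped !== $raw);

    // Stripping leaves quotes and ampersands alone, so the result can still
    // be unsafe inside value="..." unless it is escaped as well.
    $stillNeedsEscaping = ($stripped !== e($stripped));

    printf("raw:       %s\n", $raw);
    printf(
        "stripped:  %s (changed: %s, still needs escaping: %s)\n",
        $stripped,
        $changed ? 'yes' : 'no',
        $stillNeedsEscaping ? 'yes' : 'no'
    );

    // Escaping keeps every character and renders it inert in both contexts.
    printf("text node: <p>%s</p>\n", e($raw));
    printf("attribute: <input value=\"%s\">\n\n", e($raw));
}
```

Run it with `php` on the command line; store the raw value and apply `e()` at the point of output rather than on input.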
