on 11/20/01 7:43 AM, "Danny Angus" <[EMAIL PROTECTED]> wrote:
> filter everything for public consumption its safest, its not just <SCRIPT> > you have to watch out for its also pernicious things like <P > onMouseOver="foo();"> which may not work often, but you don't want it to > *ever*, and who is to say which inline event handler will or won't work on > what browser now or in the future, its really the only safe way IMO. Do you have some code you can contribute for this? -jon -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
