On Fri, Oct 8, 2010 at 8:51 AM, Jason Allen <[email protected]> wrote:
> With the editor, they can pretty much do whatever they want. They can't
> upload files at this point though. What precautions should I take? Any
> advice on how to proceed with letting people use something like this?
> Any functions that I can use to scan what people create for malicious
> stuff?
>

Well, the usual precautions when you're letting people submit HTML content to your site. Short answer is run HTMLEditFormat() on everything before you submit it to the database.

--
Matthew Woodward
[email protected]
http://blog.mattwoodward.com
identi.ca / Twitter: @mpwoodward

Please do not send me proprietary file formats such as Word, PowerPoint, etc. as attachments.
http://www.gnu.org/philosophy/no-word-attachments.html
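The escaping step from the reply, as an added example that is not part of the original message or of OpenBD's own code: it runs HTMLEditFormat() over sample editor submissions and shows, side by side, what a browser renders from the escaped value and the literal text that would be stored. The sample strings and variable names are constructed for illustration; note that the editor's own formatting tags are escaped along with the script tag.

```cfml
<!--- Constructed sample submissions, standing in for a form field
      posted by the editor (e.g. form.body, a hypothetical field name). --->
<cfset samples = ArrayNew(1)>
<cfset ArrayAppend(samples, '<p>Hello <b>world</b></p>')>
<cfset ArrayAppend(samples, '<script>alert(1)</script>')>
<cfset ArrayAppend(samples, '<a href="http://example.invalid/" onclick="x()">link</a>')>
<cfset ArrayAppend(samples, 'Fish & chips')>

<cfoutput>
<table border="1">
  <tr>
    <th>What the browser shows</th>
    <th>Text that would be stored</th>
  </tr>
  <cfloop from="1" to="#ArrayLen(samples)#" index="i">
    <!--- Escape once, before the value goes to the database. --->
    <cfset stored = HTMLEditFormat(samples[i])>
    <tr>
      <!--- Output the stored value as-is: the markup arrives as
            entities, so the browser displays it as inert text. --->
      <td>#stored#</td>
      <!--- Escaping a second time is done here only to make the
            stored entities visible. Doing this by accident on a
            real page (escape on save and again on display) is
            what produces visible "&amp;lt;" sequences. --->
      <td>#HTMLEditFormat(stored)#</td>
    </tr>
  </cfloop>
</table>
</cfoutput>
```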
