What about HTMLFormat()? What's the difference? I'm looking at livedocs now...
On Fri, Oct 8, 2010 at 11:58 AM, Matthew Woodward <[email protected]> wrote:

> On Fri, Oct 8, 2010 at 8:51 AM, Jason Allen <[email protected]> wrote:
>
>> With the editor, they can pretty do whatever they want. They can't
>> upload files at this point though. What precautions should I take? Any
>> advice on how to proceed with letting people use something like this?
>> Any functions that I can use to scan what people create for malicious
>> stuff?
>>
>
> Well, the usual precautions when you're letting people submit HTML content
> to your site. Short answer is run HTMLEditFormat() on everything before you
> submit it to the database.
>
> --
> Matthew Woodward
> [email protected]
> http://blog.mattwoodward.com
> identi.ca / Twitter: @mpwoodward
>
> Please do not send me proprietary file formats such as Word, PowerPoint,
> etc. as attachments.
> http://www.gnu.org/philosophy/no-word-attachments.html
>
> --
> Open BlueDragon Public Mailing List
> http://www.openbluedragon.org/ http://twitter.com/OpenBlueDragon
> official manual: http://www.openbluedragon.org/manual/
> Ready2Run CFML http://www.openbluedragon.org/openbdjam/
>
> mailing list - http://groups.google.com/group/openbd?hl=en
