ID: 8095
Updated by: jimw
Reported By: [EMAIL PROTECTED]
Old-Status: Analyzed
Status: Closed
Bug Type: Documentation problem
Assigned To:
Comments:

not a documentation bug.

Previous Comments:
---------------------------------------------------------------------------

[2000-12-15 18:50:12] [EMAIL PROTECTED]

The problem we have here is avoiding people possibly using HTML maliciously and also making the manual notes readable. Maybe we need to use nl2br() and then get rid of the <pre> and only allow the use of < when either on its own, followed by a ? or =; this would solve the problem of malicious HTML being inserted into the notes. Another option is also to convert t into  , what do others think of this..

A regex to test entries going into the database and also all current entries coming out of the database shouldn't be too hard to construct, but I agree &lt; and &gt; in the notes is ugly. What do others think about this as an option, can you see any problems with this..

Or allow < in code and convert it to &lt; and &gt; and then convert back the ones we can verify to be right... I'm just not sure about how to handle them in comparisons, cause both < Script> is valid but not easy to catch.. as if($testvar < Script) { is also valid.. can anyone come up with a good solution??

---------------------------------------------------------------------------

[2000-12-04 10:19:26] [EMAIL PROTECTED]

Some of the comments added seem to generate html codes for some of the symbols, for example line 2 below taken from the variable page:

<PRE>
&lt;? $A = 1;

I assume that &lt; is in fact the < symbol. If you are a newbie to html and php as I am this makes some of the comments difficult to follow. I do code in c, c++ and java so have a fair idea of what I want to know how to do, it's just difficult to read. Hope you can sort this out at some point as I have been using the manual quite extensively.
Thanks
Michelle Richardson

---------------------------------------------------------------------------

Full Bug description available at: http://bugs.php.net/?id=8095
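The trade-off discussed in this thread (readable `<` in notes versus HTML injection) can be handled by escaping every note on output rather than pattern-matching which `<` are safe. The sketch below is an added example, not code from the thread or from the php.net site; `render_note()` and the sample notes are hypothetical and constructed for illustration.

```php
<?php
// Added example: render a user-contributed manual note as inert text.
// render_note() and the sample notes below are hypothetical.

function render_note(string $stored): string
{
    // Escape every HTML metacharacter at output time. No regex has to decide
    // whether "<" starts a tag or is a comparison: both become "&lt;".
    // double_encode = false leaves entities already present in older stored
    // notes (e.g. "&lt;") alone instead of turning them into "&amp;lt;",
    // which is what a reader would see as a literal "&lt;" on the page.
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

    // Keep the author's line breaks without wrapping the note in <pre>.
    return nl2br($safe, false);
}

// Constructed sample notes covering the cases raised in the thread.
$notes = [
    'code with comparison' => '<? $A = 1;' . "\n" . 'if ($testvar < Script) {',
    'tag-like text'        => '< Script>',
    'already encoded'      => '&lt;? $A = 1;',
];

foreach ($notes as $label => $note) {
    $html = render_note($note);

    // The only markup left in the output should be the <br> from nl2br().
    $withoutBreaks = str_replace('<br>', '', $html);
    $inert = strpos($withoutBreaks, '<') === false
          && strpos($withoutBreaks, '>') === false;

    printf("%-22s inert=%s\n%s\n\n", $label, $inert ? 'yes' : 'no', $html);
}
```

With `double_encode` set to `false`, a note whose author meant to show the literal text `&lt;` displays as `<` instead; the output remains inert either way because entities in text content are never parsed as markup.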