ID: 8095
Updated by: jimw
Old-Status: Analyzed
Status: Closed
Bug Type: Documentation problem
Assigned To: 

not a documentation bug.

Previous Comments:

[2000-12-15 18:50:12] [EMAIL PROTECTED]
The problem we have here is avoiding people possibly using HTML maliciously and also 
making the manual notes readable, maybe we need to use nl2br() and then get rid of the 
<pre> and only allow the use of < when either on its own, followed by a ? or =, this 
would solve the problem of malicious HTML being inserted into the notes, another 
option is also to convert t into &nbsp, what do others think of this.. a regex to test 
entries going into the database and also all current entries coming out of the 
database shouldn't be too hard to construct but I agree &lt; and &gt; in the notes is 
ugly, what do others think about this as an option, can you see any problems with 
this.. Or allow < in code and convert it to &lt; and &gt; and then convert back the 
ones we can verify to be right... I'm just not sure about how to handle them in 
comparisons cause both < Script> is valid but not easy to catch.. as if($testvar < 
Script) { is also valid.. can anyone come up with a good solution??
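
An alternative to the whitelist ideas in the comment above, as an added example that is not part of the original thread or of php.net's code: keep the note as typed and escape everything once at output with htmlspecialchars() before nl2br(), so both `< Script>` and `if($testvar < Script)` display as plain text. The function names and sample notes are hypothetical.

```php
<?php
// Added example; render_note(), is_inert() and the notes are hypothetical.

/** Turn a note stored as raw text into HTML that displays it literally. */
function render_note(string $raw): string
{
    // Normalise line endings so each line break becomes exactly one <br>.
    $raw = str_replace(["\r\n", "\r"], "\n", $raw);
    // Escape &, <, >, " and ' exactly once, at output time.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // Add markup only after escaping: <br> is the sole tag in the result.
    return nl2br($safe, false);
}

/** True when the rendered note holds no tag besides the <br> added above. */
function is_inert(string $html): bool
{
    return strpos(str_replace('<br>', '', $html), '<') === false;
}

// Constructed sample notes covering the cases raised in the comment.
$notes = [
    'comparison'      => "if (\$testvar < Script) {\n    echo 'smaller';\n}",
    'spaced tag'      => "< Script>document.title = 'x';</Script>",
    'short echo tag'  => "<?= \$a ?>",
    // Text escaped before storage is escaped again and shows a literal
    // &lt; in the browser, so notes should be stored unescaped.
    'already escaped' => "if (\$a &lt; 1)",
];

foreach ($notes as $label => $raw) {
    $html = render_note($raw);
    if (!is_inert($html)) {
        throw new RuntimeException("note '$label' still contains markup");
    }
    // What the browser displays must equal what the user typed.
    $shown = html_entity_decode(str_replace('<br>', '', $html), ENT_QUOTES, 'UTF-8');
    if ($shown !== $raw) {
        throw new RuntimeException("note '$label' is not shown as typed");
    }
    echo "[$label]\n$html\n\n";
}
```

Because nothing in the note is treated as markup, no regex has to tell a comparison from a tag.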


[2000-12-04 10:19:26] [EMAIL PROTECTED]
Some of the comments added seem to generate html codes for some of the symbols for 
example line 2 below taken from the variable page:

$A = 1; 

I assume that &lt; is in fact the < symbol.  If you are a newbie to html and php as I 
am this makes some of the comments difficult to follow.  I do code in c, c++ and java 
so have a fair idea of what I want to know how to do, it's just difficult to read.

Hope you can sort this out at some point as I have been using the manual quite 


Michelle Richardson


