Matt Palermo wrote:
>  I would like to leave any HTML in there,

Do you *TRUST* the people typing the HTML to not attack your server, or
others, with cross-site scripting attacks?

If not, go re-read the manual about strip_tags, and pay particular
attention to the second, optional, argument.

> but just make sure that ending
> tags exist, so it doesn't screw up the rest of the page.  Strip tags would
> just wipe out the HTML rather than allowing it and ending it safely.

Strip tags will allow you to wipe out *DANGEROUS* HTML which will make
your web server a source of problems not only to you, but to me as well.

Please use strip_tags to allow only the tags you *NEED* the users to be
able to use.

It will only take you seconds, and it will save you (and us) a lot of
grief in the long run.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
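
An added example, not part of the original message or of PHP's own documentation: the allowlist use of the second argument of strip_tags that the reply points to, plus two things strip_tags does not do by itself, namely removing attributes from the tags it keeps and closing tags left open (the original poster's concern). The allowed tag set, the function name sanitize_comment and the sample input are assumptions made for illustration; the arrow-free closure syntax used here needs PHP 7.0 or later.

```php
<?php
// Added illustration; allowlist, function name and sample input are assumptions.

// Tags users may use. Void elements (br, img) are deliberately left out so
// every allowed tag has a closing form and can be balanced below.
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'p'];

function sanitize_comment(string $html): string
{
    // 1. Second argument of strip_tags(): any tag not listed is removed.
    //    The text inside a removed tag (e.g. a script body) stays as plain text.
    $html = strip_tags($html, '<' . implode('><', ALLOWED_TAGS) . '>');

    // 2. One pass over the surviving tags: strip_tags() keeps their attributes
    //    (onmouseover=, style=, ...), so re-emit each tag as its bare name,
    //    and track open tags on a stack so the output is balanced.
    $open = [];
    $out = preg_replace_callback(
        '~<(/?)([a-z][a-z0-9]*)\b[^>]*>~i',
        function ($m) use (&$open) {
            $tag = strtolower($m[2]);
            if (!in_array($tag, ALLOWED_TAGS, true)) {
                return '';                      // defensive: not on the allowlist
            }
            if ($m[1] === '') {                 // opening tag
                $open[] = $tag;
                return "<$tag>";
            }
            if (!in_array($tag, $open, true)) {
                return '';                      // closer with no matching opener
            }
            $closers = '';
            do {                                // close inner tags left open first
                $top = array_pop($open);
                $closers .= "</$top>";
            } while ($top !== $tag);
            return $closers;
        },
        $html
    );

    // 3. Close whatever is still open so the rest of the page is unaffected.
    while ($open) {
        $out .= '</' . array_pop($open) . '>';
    }
    return $out;
}

// Constructed sample: disallowed script tag, event-handler attribute, unclosed <b> and <i>.
$sample = '<p onmouseover="alert(1)">Hi <b>there <i>friend</p><script>alert(2)</script>';
echo sanitize_comment($sample), PHP_EOL;
```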