Matt Palermo wrote:
I realize that I can use the strip_tags function to remove HTML. But I don't want to remove HTML tags. I just want to make sure all open HTML tags are closed. For example if the user submits HTML with a <table> tag and never closes it, then the rest of the page will look screwed up. I still want to allow them to use HTML, but I want to close tags that were left open by them. This way it allows them to use HTML and it won't screw up the rest of the page.

Thanks,

Matt



"Richard Lynch" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]

Matt Palermo wrote:
> I would like to leave any HTML in there,

Do you *TRUST* the people typing the HTML to not attack your server, or others, with cross-site scripting attacks?

If not, go re-read the manual about strip_tags, and pay particular
attention to the second, optional, argument.

> but just make sure that ending
> tags exist, so it doesn't screw up the rest of the page. Strip tags would
> just wipe out the HTML rather than allowing it and ending it safely.

Strip tags will allow you to wipe out *DANGEROUS* HTML which will make your web server a source of problems not only to you, but to me as well.

Please use strip_tags to allow only the tags you *NEED* the users to be
able to use.

It will only take you seconds, and it will save you (and us) a lot of
grief in the long run.

--
Like Music?
http://l-i-e.com/artists.htm

You still need to control it. This would certainly fuck up your page:

<div style="position: absolute; width: 100%; height: 100%; top: 0; left: 0; right: 0; bottom: 0; background-color: red;"></div>

--
Daniel Schierbeck

Help spread Firefox (www.getfirefox.com): http://www.spreadfirefox.com/?q=user/register&r=6584

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
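
An added example, not code from any poster in this thread: one way to combine the three points raised above (allow only needed tags via the second argument of strip_tags, close tags left open, and drop attributes such as style that strip_tags leaves in place). The function name sanitize_user_html, the ALLOWED_TAGS list and the sample input are assumptions made for illustration.

```php
<?php
// Added example: sanitize_user_html() and ALLOWED_TAGS are hypothetical names.
const ALLOWED_TAGS = ['p', 'br', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li',
                      'table', 'tr', 'th', 'td'];

function sanitize_user_html(string $input): string
{
    // Pass 1: strip_tags() with its second argument removes every tag that
    // is not on the allowlist. Attributes on the kept tags are left intact.
    $kept = strip_tags($input, '<' . implode('><', ALLOWED_TAGS) . '>');

    // Pass 2: parse the remainder; libxml's HTML parser closes open elements.
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // malformed input is expected
    $doc->loadHTML('<html><head><meta http-equiv="Content-Type" '
        . 'content="text/html; charset=utf-8"></head><body>' . $kept
        . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }

    // Drop every attribute (style, on* handlers, ...) from the kept elements.
    foreach ($body->getElementsByTagName('*') as $el) {
        while ($el->attributes->length > 0) {
            $el->removeAttributeNode($el->attributes->item(0));
        }
    }

    // Serialize only the body's children, so the wrapper is not emitted.
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input: an unclosed table plus styled/scripted attributes.
$sample = '<p style="position: absolute; width: 100%; height: 100%;">hi</p>'
        . '<b onmouseover="alert(1)">bold</b><table><tr><td>cell';
echo sanitize_user_html($sample), "\n";
```

If some attributes are needed (href on links, for instance), replace the blanket removal with a per-tag attribute allowlist and validate each value, URL schemes included.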


