Dotan Cohen wrote: > It would be BBcode if anything. It may be the product of the > lazy, but I feel more secure parsing it than [x]HTML.
BBCode is a pretty useless markup format. If you only want to allow / interpret a small subset of HTML, you can use a simple approach like this: http://shiflett.org/blog/2007/mar/allowing-html-and-preventing-xss If you want to allow a larger subset, or you're just looking for a packaged solution, try HTML Purifier: http://htmlpurifier.org/ Hope that helps. Chris -- Chris Shiflett http://shiflett.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
