> On 5/21/2010 9:24 AM, David Otton wrote:
>> On 20 May 2010 16:51, Al<n...@ridersite.org> wrote:
>>> I'm not being clear. First pass is thru the blacklist, which effectually
>>> tells hacker to not bother and totally deletes the entry.
>>> If the raw entry gets past the blacklist, it must then only contain my
>>> whitelist tags. e.g., the two examples you cited were caught by the
>>> whitelist parser.
>> Ah, gotcha. That seems like a much better approach to me. But if the
>> whitelist's going to stop the submission, then why bother with a
>> blacklist at all?
> Like I said above, First pass is thru the blacklist, which effectually
> tells hackers to not bother and totally deletes the entry.
> Also, it's possible that one of my non-techie users can unwittingly
> enter hack code. I want to make a big deal of it. My error message says
> in red "Illegal code entered. It was not saved. Reenter your text
> without it." Remember, I show them the error segment so they know
> exactly what the problem is. There is also another msg which says to
> contact tech support with a link.
Do you actually "show them" the error? That would give away your mystical
powers of detection... :)
"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."
Twelfth Night, Act II, Scene V
by William Shakespeare
PHP General Mailing List (http://www.php.net/)
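Added example, not code from any poster in this thread: a whitelist pass of the kind discussed above that accepts only exact, attribute-free tags and returns each rejected segment HTML-escaped, so it can be shown back to the user as text without being rendered. The tag list, function names and sample inputs are assumptions; the error wording is the one quoted in the thread.

```php
<?php
declare(strict_types=1);

// Assumed whitelist: bare tags only. Attributes are never accepted,
// so onclick=, style= and href="javascript:..." cannot get through.
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'p', 'br'];

/** Returns every piece of $raw that contains an angle bracket but is not an exact whitelisted tag. */
function find_illegal_segments(string $raw, array $allowed = ALLOWED_TAGS): array
{
    $names = implode('|', array_map(fn(string $t): string => preg_quote($t, '~'), $allowed));
    // Swap whitelisted tags for a space (not an empty string) so that removing
    // one cannot splice its neighbours into a new tag, e.g. "<scr<b>ipt>".
    $rest = preg_replace('~</?(?:' . $names . ')\s*/?>~i', ' ', $raw) ?? $raw;
    // Whatever still carries "<" or ">" is not on the whitelist. A bare "<" in
    // ordinary text is rejected too; the user has to write it as &lt;.
    preg_match_all('~<[^<>]*>?|>~', $rest, $m);
    return $m[0];
}

/** Validates an entry; on failure the message shows the rejected segments as escaped text. */
function check_entry(string $raw): array
{
    $bad = find_illegal_segments($raw);
    if ($bad === []) {
        return ['ok' => true, 'message' => ''];
    }
    // Escape before echoing: the "error segment" is attacker-controlled input.
    $shown = array_map(
        fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        $bad
    );
    return [
        'ok' => false,
        'message' => '<p style="color:red">Illegal code entered. It was not saved. '
            . 'Reenter your text without it.</p><pre>' . implode("\n", $shown) . '</pre>',
    ];
}

// Constructed sample inputs: one clean entry, one with an attribute, one nested-tag trick.
$samples = ['Hello <b>world</b><br />', '<b onclick="x()">hi</b>', '<scr<b>ipt>alert(1)</script>'];
foreach ($samples as $sample) {
    $result = check_entry($sample);
    echo $result['ok'] ? "saved\n" : $result['message'] . "\n";
}
```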