For my website I created an updating system in php. Where my staff and I can
write articles that then get saved to the server, linked to, etc. I allowed
html to be passed from the form because a lot of the staff likes to use html
tags in their articles. Which I know is a security issue.

I know I could use HTMLSpecialChars() and then devise my own mark up system;
which I will if I have no other alternative. But I was wondering if just
searching the article string for "<?", "?>", "<script", etc and not writing
the file if they're found would suffice. That almost seems too simple


PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to