can anyone help me this ?
I made a simple forum, and it will allow the users to send their messages in
But I worried about the security of my website, so I removed all of the
"<SCRIPT" tags in their messages by placing "</SCRIPT" instead.
replace "<SCRIPT>" exactly)
Is it the best solution to protect my pages from malicious code ? (is it
secure for my pages ?)
Are there other ways that someone can use malicious codes in their messages
without <SCRIPT> ?
In the case I do not allow the users send messages in HTML codes, I replaced
(similar with phpBB code) :
example the content of message is :
...will place a link to Microsoft.com, but the problems will happen when the
users use only [a], or [/a], not use [//a] to close the link. Can anyone
help me to fix this problem ? (is there another way to do this more simple
thanks very much...
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]