can anyone help me this ?

I made a simple forum, and it will allow the users to send their messages in
HTML format.
But I worried about the security of my website, so I removed all of the
"<SCRIPT" tags in their messages by placing "</SCRIPT" instead.
(Because the users maybe use <SCRIPT language="JavaScript">, so I cannot
replace "<SCRIPT>" exactly)

Is it the best solution to protect my pages from malicious code ? (is it
secure for my pages ?)
Are there other ways that someone can use malicious codes in their messages
without <SCRIPT> ?

In the case I do not allow the users send messages in HTML codes, I replaced
(similar with phpBB code) :
[a]=>"<a href="

example the content of message is :
[a]www.microsoft.com[/a]Click here...[//a]
...will place a link to Microsoft.com, but the problems will happen when the
users use only [a], or [/a], not use [//a] to close the link. Can anyone
help me to fix this problem ? (is there another way to do this more simple

thanks very much...

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to