Maybe u should just strip all the javascript tags out Of the user-input (output page) with a script like this:
$text = eregi_replace("< *script[^>]*>([^<]*)<[^>]*>","//1",$test); this should stip all the script-tags out of the text, but will keep the text between the tags. (the code was NOT tested :)) HF red -----Ursprungliche Nachricht----- Von: Leif K-Brooks [mailto:[EMAIL PROTECTED]] Gesendet: Montag, 22. April 2002 9:18 PM An: [EMAIL PROTECTED] Betreff: [PHP] Second opinion needed - javascript blocker I am trying to block javascript from ares of my site that users can change. I am going to use the following code. Can someone give me a second opinion on whether it will work? function stopjavascript($text){ //Stop people from using &whatever; tags, in case they can smuggle javascript in with that $text = str_replace("&","&",$text); //Stop the onmouseover, etc. parameters $text = eregi_replace("on","o-n",$text); //Stop script tags, as well as links to javascript: $text = eregi_replace("script","sc-ript",$text); //Return the edited string return $text; } -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php