on 23/04/02 1:59 PM, Martin Towell ([EMAIL PROTECTED]) wrote:

> would become
> =foo
> ="foo"
> = "foo"
> ='foo'
> ='foo'
> which the browser would just ignore

In theory, yes.  I don't think I'd trust it here -- this is potentially
malicious content added by unknown people.  I'd be taking the approach keep
what you trust, throw out the rest, which is a more complex set of regexps

hence <B anything> should be trimmed back to <B>.... this is easier on a
smaller subset of HTML, rather than "all HTML".

I personally would not give unknown contributors any more than you have to.

Creative Director

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to