on 23/04/02 1:59 PM, Martin Towell ([EMAIL PROTECTED]) wrote:
> would become
>
> =foo
> ="foo"
> = "foo"
> ='foo'
> ='foo'
>
> which the browser would just ignore
In theory, yes. I don't think I'd trust it here -- this is potentially
malicious content added by unknown people. I'd be taking
r them
Does this work?
HTH
Martin
-Original Message-
From: Leif K-Brooks [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 6:49 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: AW: [PHP] Re: Second opinion needed - javascript blocker
Thynks, but I don't want t
Thynks, but I don't want to block html, I want to block javascript! And
since onmouseover and similar events can be put in any tag, I'm trying to
block them.
on 4/22/02 4:44 PM, J Smith at [EMAIL PROTECTED] wrote:
Then I'd suggest using the strip_tags() function and define which tags you'd
like
Then I'd suggest using the strip_tags() function and define which tags you'd
like to leave untouched.
J
Red Wingate wrote:
> He might want to use this function but doing so no links or bold underline
> Tags will be destroyed as well.
>
--
PHP General Mailing List (http://www.php.net/)
To
He might want to use this function but doing so no links or bold underline
Tags will be destroyed as well.
-Ursprungliche Nachricht-
Von: J Smith [mailto:[EMAIL PROTECTED]]
Gesendet: Montag, 22. April 2002 10:08 PM
An: [EMAIL PROTECTED]
Betreff: [PHP] Re: Second opinion needed
Try looking at htmlspecialchars() and htmlentities() instead. They'll
convert things like < and > to > and < and ampersands to &.
J
Leif K-Brooks wrote:
> I am trying to block javascript from ares of my site that users can
> change.
> I am going to use the following code. Can someone give
6 matches
Mail list logo
