hi,
can anyone help me with this?

1)
I made a simple forum, and it allows the users to send their messages in
HTML format.
But I am worried about the security of my website, so I removed all of the
"<SCRIPT" tags in their messages by placing "</SCRIPT" instead.
(Because the users may use <SCRIPT language="JavaScript">, I cannot
replace "<SCRIPT>" exactly.)

Is it the best solution to protect my pages from malicious code? (Is it
secure for my pages?)
Are there other ways that someone can use malicious code in their messages
without <SCRIPT>?

2)
In the case where I do not allow the users to send messages in HTML code, I
replaced (similar to phpBB code):
[a]=>"<a href="
[/a]=>">"
[//a]=>"</a>"

For example, if the content of the message is:
[a]www.microsoft.com[/a]Click here...[//a]
...it will place a link to Microsoft.com, but problems will happen when the
users use only [a] or [/a], and do not use [//a] to close the link. Can anyone
help me to fix this problem? (Is there a simpler way to do this?)

thanks very much...


-- 
PHP General Mailing List (http://www.php.net/)
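
An added example, not part of the original post: one way to handle the [a]...[/a]...[//a] markup from question 2 in PHP, which also covers the concern in question 1 by escaping the whole message first instead of replacing individual tags. The function name render_links() and the http/https-only link policy are assumptions made for this example.

```php
<?php
// Added example; render_links() and the http/https-only policy are
// assumptions, not code from the original post.

function render_links(string $message): string
{
    // 1. Escape everything first: <, >, &, " and ' become entities, so no
    //    user-supplied tag or attribute survives as markup.
    $safe = htmlspecialchars($message, ENT_QUOTES, 'UTF-8');

    // 2. Convert only complete [a]url[/a]text[//a] triplets. An [a] or [/a]
    //    without its closing [//a] does not match and stays as plain text.
    $pattern = '~\[a\](.*?)\[/a\](.*?)\[//a\]~s';

    return preg_replace_callback($pattern, function (array $m): string {
        $url  = trim($m[1]);
        $text = $m[2];

        // A bare host such as www.example.com (optional port and path)
        // gets an explicit http:// scheme.
        if (preg_match('~^[a-z0-9.-]+(:\d+)?(/\S*)?$~i', $url)) {
            $url = 'http://' . $url;
        }

        // Allow only http and https. Any other scheme, or a value with
        // whitespace in it, is left as the escaped text it already was.
        if (!preg_match('~^https?://\S+$~i', $url)) {
            return $m[0];
        }

        // $url and $text were escaped in step 1, so they are safe to place
        // inside the attribute and the element body.
        return '<a href="' . $url . '">' . $text . '</a>';
    }, $safe);
}

// Constructed sample inputs.
$samples = [
    '[a]www.microsoft.com[/a]Click here...[//a]',  // complete: becomes a link
    '[a]www.microsoft.com[/a]Click here...',       // unclosed: stays as text
    '[a]ftp://example.com/file[/a]file[//a]',      // other scheme: stays as text
    '<SCRIPT language="JavaScript">x</SCRIPT>',    // HTML: shown escaped
];
foreach ($samples as $s) {
    echo render_links($s), "\n";
}
```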