Better yet, only parse out and use the metacharacters that you absolutely require and ignore the rest.
----------------------------------
John Daniele
Technical Security & Intelligence
Toronto, ON
Voice: (416) 605-2041
Email: [EMAIL PROTECTED]
Web: http://www.tsintel.com
----------------------------------

On Sat, 19 Jan 2002, zero wrote:

> > > B - I've seen literature which says servers should
> > > block " < > " ' ; ( ) + - " characters. If one has not
> > > blocked all these types what are the implications
> > > (i.e., if only <> types are blocked) ?
> >
> >while "<" and ">" are the first necessary step... those
> >other special characters can sometimes be used to
> >modify HTML in other instances. All in all they are
> >just a good idea to filter so users aren't messed with.
>
> Not only HTML tags but also unix redirections: >> , >, << , <
>
> Alex
>
> mailto:[EMAIL PROTECTED]
> http://www.podergeek.com/
> http://www.citfi.org
> ------------------------------------------------------
> "The further backward you look, the further forward you can see" Winston
> Churchill
> "Access is GOD..."
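An added example, not part of the original thread: a Python sketch contrasting the partial filter asked about in the quoted post (removing only `<` and `>`) with the allowlist approach recommended in the reply, plus output encoding as a second layer. The field policy (letters, digits, space, dot, underscore), the function names and the sample string are assumptions constructed for illustration.

```python
import html
import re

# Characters the quoted post lists as commonly blocked.
LISTED = set("<>\"';()+-")

# Assumed policy for a display-name field: only what the field needs.
ALLOWED = re.compile(r"[A-Za-z0-9 ._]")


def strip_angle_only(value):
    """The partial filter from the question: remove only < and >."""
    return value.replace("<", "").replace(">", "")


def allowlist(value, max_len=64):
    """Keep required characters, drop everything else, cap the length."""
    kept = "".join(ch for ch in value if ALLOWED.fullmatch(ch))
    return kept[:max_len]


def remaining_listed_chars(value):
    """Listed metacharacters still present in a value, sorted."""
    return sorted(set(value) & LISTED)


def render_attr(value):
    """Encode for an HTML attribute context, so a character that is
    legitimately allowed in the data cannot change the markup."""
    return '<input name="q" value="%s">' % html.escape(value, quote=True)


# Constructed sample input containing several of the listed characters.
SAMPLE = "O'Brien \"Bob\" (admin); a+b > out.txt"

if __name__ == "__main__":
    partial = strip_angle_only(SAMPLE)
    strict = allowlist(SAMPLE)
    print("angle-only filter leaves:", remaining_listed_chars(partial))
    print("allowlist leaves:        ", remaining_listed_chars(strict))
    print("allowlist output:        ", repr(strict))
    print("encoded attribute:       ", render_attr(partial))
```

The angle-only filter still passes quotes, parentheses, `;` and `+` through to whatever context consumes the value, while the allowlist never has to enumerate them.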