Chris Shiflett wrote:
> In some cases, the developer may want certain
> HTML elements interpreted rather than escaped
> in this way. Perhaps you could mention that
> something like str_replace() can be used to
> convert specific HTML entities back to their
> original form. This method should filter any
> unwanted elements.

For a BBS I would like to let users post links to various resources. They 'post' a message to the BBS via a form and that is stored in a MySQL db, then the content of their 'post' is available to other users on the BBS. Currently I strip out all PHP/HTML with the strip_tags() function. What I would really like to do is allow a limited set of HTML tags (like the anchor <a> tag) but at the same time implement reasonable protection.

In regards specifically to the HTML anchor tag <a>, are there guidelines for what should, and should not be allowed? In other words if I simply allow all of these tags (implementing the algorithm you mentioned above) are there potential problems with that? Or are there specific things I should be looking for with tags?

Thanks for your comments,
Lawrence Kennon
www.theNewAgeSite.com
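
The escape-then-restore approach from the quoted suggestion, applied to the anchor tag. This is an added example, not part of the original message: render_post(), the http/https-only scheme allowlist and the sample posts are assumptions of this example.

```php
<?php
// Added example: escape everything, then restore only one strict anchor form.
// render_post() and the sample posts are hypothetical, not from the thread.

function render_post(string $raw): string
{
    // 1. Neutralise all markup; no tag survives this step.
    $escaped = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');

    // 2. Match only the escaped form of <a href="URL">text</a>. Anchors with
    //    extra attributes (onclick, style, ...) either miss this exact shape
    //    or fail the URL check below, so they stay escaped.
    $pattern = '~&lt;a href=&quot;(.+?)&quot;&gt;(.+?)&lt;/a&gt;~is';

    return preg_replace_callback($pattern, function (array $m): string {
        $url = htmlspecialchars_decode($m[1], ENT_QUOTES);

        // Reject anything that could break out of the attribute value.
        if (preg_match('/[\s"\'<>]/', $url)) {
            return $m[0];
        }
        // Assumption of this example: only absolute http(s) links are wanted.
        // javascript:, data: and scheme-less URLs are left as escaped text.
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            return $m[0];
        }
        // Rebuild the tag ourselves; $m[2] is still escaped text.
        return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8')
            . '">' . $m[2] . '</a>';
    }, $escaped) ?? $escaped; // on a PCRE error, fall back to fully escaped
}

// Constructed sample posts: one acceptable link and three that must stay inert.
$samples = [
    'See <a href="http://www.php.net/strip_tags">the manual</a>.',
    '<a href="javascript:alert(1)">click</a>',
    '<a href="http://example.org/" onclick="steal()">click</a>',
    '<script>alert(1)</script>',
];
foreach ($samples as $post) {
    echo render_post($post), PHP_EOL;
}
```

Only the first sample comes back as a live link; the other three are output as visible, escaped text.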