on 23/04/02 1:59 PM, Martin Towell ([EMAIL PROTECTED]) wrote:

> would become
> 
> =foo
> ="foo"
> = "foo"
> ='foo'
> ='foo'
> 
> which the browser would just ignore

In theory, yes.  I don't think I'd trust it here -- this is potentially
malicious content added by unknown people.  I'd be taking the approach "keep
what you trust, throw out the rest", which is a more complex set of regexps
though.

Hence <B anything> should be trimmed back to <B>. This is easier on a
smaller subset of HTML, rather than "all HTML".

I personally would not give unknown contributors any more than you have to.


Justin
--------------------
Creative Director
http://Indent.com.au
--------------------


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
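
The "keep what you trust, throw out the rest" approach described in the reply above, as an added example that is not part of the original message. The tag allowlist and the names `ALLOWED_TAGS` and `sanitize_contributor_html()` are assumptions made for illustration, and input is assumed to be UTF-8:

```php
<?php
// Added example: allowlist sanitizer for untrusted contributor HTML.
// ALLOWED_TAGS and sanitize_contributor_html() are hypothetical names.
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'u'];

function sanitize_contributor_html(string $input): string
{
    // 1. Distrust everything: after this step no markup survives at all.
    $escaped = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Restore only bare allowlisted tags. Whatever follows the tag name
    //    (attributes, event handlers, junk) is discarded, so
    //    <B anything> comes back as <b>.
    $names   = implode('|', ALLOWED_TAGS);
    $pattern = '/&lt;(\/?)(' . $names . ')(?:\s(?:(?!&[lg]t;).)*)?&gt;/is';
    $open    = [];   // stack of tags currently open

    $out = preg_replace_callback($pattern, function (array $m) use (&$open): string {
        $tag = strtolower($m[2]);
        if ($m[1] === '') {                 // opening tag
            $open[] = $tag;
            return "<$tag>";
        }
        // Closing tag: honour it only when it closes the innermost open
        // tag; otherwise leave it escaped, so it renders as plain text.
        if ($open !== [] && end($open) === $tag) {
            array_pop($open);
            return "</$tag>";
        }
        return $m[0];
    }, $escaped);
    if ($out === null) { return $escaped; } // regex failure: fail closed

    // 3. Close anything left open so formatting cannot leak into the page.
    while ($open !== []) {
        $out .= '</' . array_pop($open) . '>';
    }
    return $out;
}

// Constructed sample inputs, not taken from the thread.
foreach ([
    '<B onmouseover="x()">bold</B>',
    '<b title=">"><script>x</script>',
    '<i>unclosed <a href="http://example.invalid/">link</a>',
] as $sample) {
    echo sanitize_contributor_html($sample), "\n";
}
```

Because the only markup ever emitted is a fixed `<tag>` or `</tag>` string built from the allowlist, a mistake in the pattern can at worst leave a tag escaped; it cannot let an attribute or an unlisted element through.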
