Re: Re[6]: [PHP] Re: Security, Late Nights and Overall Paranoia

2005-07-11 Thread Jonathan Kart
I've been loosely following this thread, and have a question now. Isn't one advantage of a bbcode type solution that you can more easily avoid session hijacking via cross-site scripting? If you allow html, then you open the door for people to add event handlers. I guess you could always strip the

Re[6]: [PHP] Re: Security, Late Nights and Overall Paranoia

2005-07-11 Thread Richard Davey
Hello Greg,

Monday, July 11, 2005, 5:06:51 PM, you wrote:

GD> I wouldn't know, isn't one of the tags I allow.

If you stick to the plain vanilla HTML tags such as i, b, u, etc then BBCode is pointless - I agreed on this with you several posts ago. I don't however use it just for that, I use it t