I found some code at http://marc.theaimsgroup.com/?l=php-general&m=106942414231212&w=2 that was meant to extend strip_tags() where it wouldn't be blindly prone to XSS attacks via tag attributes. Unfortunately, that code works too good. If one were to pass a legal <img> tags like <img src="http://us2.php.net/images/php_snow.gif"; /> It gets reduced to <img>
Does anyone have any suggestions on how to modify that code (or any code), where one is bypassing certain tags, while keeping those certain tags "safe" (as safe as one can be) Thanks for you suggestions. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
![http://us2.php.net/images/php_snow.gif"](http://us2.php.net/images/php_snow.gif"){kind=link}