Richard Lynch wrote:
Matt Palermo wrote:

I am allowing users to input HTML code into a textarea.  After they input
this, I want to output their HTML to the browser.  In order for the document
to be safe, I need to close all open HTML tags that have been left open by
the user, along with any open comments.  Is there a way to take an HTML
string and add closing tags and comments to it if needed?


After you use http://php.net/tidy to fix the HTML, use
http://php.net/strip_tags to rip out all but the handful of tags you
really want to allow them to use, most especially any JavaScript they
might shove in to attack your (and my!) server.

I *think* strip_tags rips out JavaScript. RTFM to be sure.

Not really, but it removes <script> and </script>, so JavaScript is not interpreted.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
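
An added example, not part of the thread or of anyone's posted code: the tidy-then-strip_tags pipeline suggested above, with one extra step, because strip_tags leaves attributes such as onmouseover or style untouched on the tags it is told to allow. The names clean_user_html and ALLOWED_TAGS and the sample input are made up for illustration; ext-tidy (optional) and ext-dom are assumed.

```php
<?php
// Added example; clean_user_html() and ALLOWED_TAGS are hypothetical names.
const ALLOWED_TAGS = '<p><b><i><em><strong><ul><ol><li><br>';

function clean_user_html(string $html): string
{
    // 1. Repair: tidy closes tags the user left open (needs ext-tidy).
    if (function_exists('tidy_repair_string')) {
        $fixed = tidy_repair_string($html, ['show-body-only' => true], 'utf8');
        if ($fixed !== false) {
            $html = $fixed;
        }
    }

    // 2. Allowlist: drop every tag not listed; HTML comments go too.
    $html = strip_tags($html, ALLOWED_TAGS);

    // 3. strip_tags does not touch attributes on allowed tags, so parse
    //    what is left and remove every attribute (event handlers, style).
    $prev = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML(
        '<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '</head><body>' . $html . '</body></html>'
    );
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    foreach ((new DOMXPath($doc))->query('//body//*') as $el) {
        foreach (iterator_to_array($el->attributes) as $attr) {
            $el->removeAttributeNode($attr);
        }
    }

    // Serialize only the body's children; the serializer also closes
    // any element that is still open.
    $out = '';
    foreach ($doc->getElementsByTagName('body')->item(0)->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input: unclosed tags plus an event-handler attribute.
echo clean_user_html('<p onmouseover="x()">Hello <b>world <script>x()</script>'), "\n";
```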


