Hello, let's assume a PHP program that allows users to enter a web page address. After the address is entered, the program would fetch the page in question and replace all the occurrences of the word "llama" with the word "alpaca". It would then provide the modified HTML code in a safe fashion to the user.
Any ideas on how to do the last part, outputting the new HTML code, safely? The problem is, I want to output in a way that is both safe and enables the user to easily store the web page in an usable HTML form. Of course, there are multiple ways of doing this, but all of them seem to have their negative sides: A) htmlspecialchars() - Works, but requires the user to cut 'n paste the code, rather than saving it directly to their HD, which would be preferable. B) Write the modified HTML into a file "as-is" and provide a link to it so that the user can save the code directly to the HD. Works neatly, but I'm concerned that there might be security issues. Is there? Now, if I make a point of not "chmod 755"ing the .html files in question, the server should be safe from someone feeding a html file with an embedded PHP script, right? Is there something else I should be looking out for - or is there an even better way of handling the transferring of the HTML code from the application to the user? (My apologies if this message appears more than once. I attempted to post it from another address, apparently without any luck.) - Lauri Harpf -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
