I was hoping to solicit an opinion: There are some text areas where HTML-savvy users could choose to "embolden" their text or "emphasize" it by using HTML. But if I use htmlspecialchars() or htmlentities(), then this is not possible, even though it makes my site safer by eliminating any HTML-related characters that could compromise the site (like <img> tags or trying to close the <textarea> tag and execute code). But I have seen some sites (admittedly running Slash, which is Perl and not PHP-based) that accept certain tags.
Do sites do this by running htmlspecialchars() on their users' input, and then running a custom function that does substr() on "safe" entities, turning them back into true tags? Or is there some other method of allowing only certain HTML tags? BTW, the substr() idea is just something I came up with in the shower, and might not even properly work or be efficient.

Thanks

Erik

----
Erik Price
Web Developer Temp
Media Lab, H.H. Brown
[EMAIL PROTECTED]

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
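The escape-then-restore approach asked about above, as an added example that is not part of the original post: everything is escaped with htmlspecialchars() first, and only bare, attribute-free tags from an allowlist are turned back into real tags. The function name allow_basic_tags() and the tag list are assumptions, and the tag balancing goes beyond what the post describes.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the post): escape all input, then restore
// only bare allowlisted tags such as <b> and </b>. Tags with attributes
// never match the pattern, so they stay escaped.
function allow_basic_tags(string $input, array $allowed = ['b', 'i', 'em', 'strong']): string
{
    // Step 1: neutralise every HTML metacharacter, including both quote styles.
    $escaped = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Step 2: match only the escaped form of a bare tag. Text the user typed
    // as "&lt;b&gt;" became "&amp;lt;b&amp;gt;" in step 1 and does not match.
    $names = implode('|', array_map(static fn(string $t): string => preg_quote($t, '~'), $allowed));
    $open = []; // stack of currently open allowlisted tags

    $out = preg_replace_callback(
        '~&lt;(/?)(' . $names . ')&gt;~i',
        static function (array $m) use (&$open): string {
            $tag = strtolower($m[2]);
            if ($m[1] === '') {          // opening tag
                $open[] = $tag;
                return "<$tag>";
            }
            if ($open !== [] && end($open) === $tag) {
                array_pop($open);        // properly nested closing tag
                return "</$tag>";
            }
            return $m[0];                // stray or mis-nested closer stays escaped
        },
        $escaped
    ) ?? $escaped;                       // on regex failure, keep the fully escaped text

    // Step 3: close anything left open so formatting cannot leak into the page.
    while ($open !== []) {
        $out .= '</' . array_pop($open) . '>';
    }
    return $out;
}

// Constructed sample input: allowed tags, a tag with an attribute,
// a </textarea> breakout attempt, an <img> tag and an unclosed <em>.
$sample = 'Hi <b>bold</b> <i onclick="x()">no</i> </textarea><img src=x> <em>open';
echo allow_basic_tags($sample), PHP_EOL;
```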