I realize that I can use the strip_tags function to remove HTML. But I don't want to remove HTML tags. I just want to make sure all open HTML tags are closed. For example if they user submits HTML with a <table> tag and never closes it, then the rest of the page will look screwed up. I still want to allow them to use HTML, but I want to close tags that were left open by them. This way it allows them to use HTML and it won't screw up the rest of the page. Thanks, Matt "Richard Lynch" <ceo@xxxxxxxxx> wrote in message news:2365.66.99.91.45.1102714129.squirrel@xxxxxxxxxxxxxxxx > Matt Palermo wrote: >> I would like to leave any HTML in there, > > Do you *TRUST* the people typing the HTML to not attack your server, or > others, with cross-site scripting attacks? > > If not, go re-read the manual about strip_tags, and pay particular > attention to the second, optional, argument. > >> but just make sure that ending >> tags exist, so it doesn't screw up the rest of the page. Strip tags >> would >> just wipe out the HTML rather than allowing it and ending it safely. > > Strip tags will allow you to wipe out *DANGEROUS* HTML which will make > your web server a source of problems not only to you, but to me as well. > > Please use strip_tags to allow only the tags you *NEED* the users to be > able to use. > > It will only take you seconds, and it will save you (and us) a lot of > grief in the long run. > > -- > Like Music? > http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
