> Do these methods seem reasonably secure? Am I missing something? The
> risk is minimized by the fact that the HTML the user enters is
> displayed to their own customers, whom they presumably don't want to
> attack (and if they did they could just do it on their own web site).
> But I still want to avoid as many opportunities as possible for either
> inadvertent or deliberate errors to cause trouble.

Assuming you are authenticating them correctly so that a Bad Guy can't change the HTML out from under them, it seems reasonable to me -- Not much point to cross-site vandalism on one's own site, eh?

--
Like Music?
http://l-i-e.com/artists.htm