Re[4]: Re: Security, Late Nights and Overall Paranoia

Hello Greg,

Saturday, July 9, 2005, 6:40:06 PM, you wrote:

GD> The same regular expression magic that keeps you from forgetting your
GD> [/i] can just as easily keep you from forgetting your </i>.

The difference is the extra hoops your reg exps will have to jump
through, and have to jump through perfectly. You will have to disallow
all <'s and >'s, but do allow them for <i>, <b>, etc etc. Then check
there has been nothing malicious inserted inside every one of those
tags in any shape or form, and all combinations thereof. I'm sorry but
I fail to see how *having* to perform masses of flawless reg-ex
kung-fu is a good thing, in my mind it just widens the margin for
developer error, which is never a plus point.

It's horses for courses though; in the CMS I built for myself I allow
any damn thing I want ;) In the forum built for thousands of
teenagers, you'd have to be out of your mind to allow it. May as well
just give them your server reboot button while you're at it and ask
not to touch.

Best regards,

Richard Davey
-- 
 http://www.launchcode.co.uk - PHP Development Services
 "I do not fear computers. I fear the lack of them." - Isaac Asimov

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
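As an added illustration of the point made in this thread (example code written for this page, not from either poster, in PHP since this is the PHP General list): a tag-name-only regex allowlist keeps the whole tag, attributes included, whereas escaping everything and then re-enabling a fixed set of literal tags leaves nothing "inside" a tag to inspect. The function names and the sample input are constructed for the example.

```php
<?php
// Naive allowlist: strip every tag except <i>, </i>, <b>, </b>, matching
// on the tag name only. Anything else between the angle brackets survives,
// which is exactly the "check nothing malicious inside every one of those
// tags" problem described in the thread.
function naive_filter(string $html): string
{
    return preg_replace('#<(?!/?(?:i|b)\b)[^>]*>#i', '', $html);
}

// Escape-first approach: neutralise all markup, then re-enable only the
// exact literal tags on the allowlist. A tag carrying attributes never
// matches the literal form, so it stays escaped and renders as text.
function escape_then_allow(string $text, array $tags = ['i', 'b']): string
{
    $out = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    foreach ($tags as $t) {
        $out = str_replace(
            ["&lt;$t&gt;", "&lt;/$t&gt;"],
            ["<$t>", "</$t>"],
            $out
        );
    }
    return $out;
}

// Constructed sample: one harmless <i>, one <i> with an event-handler
// attribute, and an unrelated <script> tag.
$sample = 'Hi <i>there</i> <i onclick="alert(1)">x</i> <script>1</script>';

echo naive_filter($sample), "\n";
// Hi <i>there</i> <i onclick="alert(1)">x</i> 1
// The <script> tag is gone, but the <i onclick=...> tag is kept verbatim.

echo escape_then_allow($sample), "\n";
// Hi <i>there</i> &lt;i onclick=&quot;alert(1)&quot;&gt;x</i> &lt;script&gt;1&lt;/script&gt;
// The decorated tag and the script are inert text; only bare <i>/</i> survive.
```

The escape-first output still contains a stray `</i>` whose opening tag was escaped, which is the forgotten-closing-tag concern raised earlier in the thread; that is a layout nuisance to balance afterwards, not a way to smuggle markup through.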

