Re: Re[4]: Re: Security, Late Nights and Overall Paranoia

On 7/11/05, Richard Davey <rich@xxxxxxxxxxxxxxxx> wrote:
> u wanted to allow a user to say colour a piece of text red,
> they'd have to enter <span style="color: red">x</span> to make it

I wouldn't know, <span> isn't one of the tags I allow.

> happen? Poor bastards (never mind the fact I'd love to see you use
> less CPU cycles to perfectly validate that tag than say [red][/red]).

I don't bother with perfect tag validation, and I doubt the phpbb
bbcode people do either since they average about 2-3 exploits a month
on Bugtraq.

I allow a specific set of safe html tags and I provide a preview
function.  Even after that, if the user goofs up I allow a specific
time span in which to edit the post to correct the goof.


-- 
Greg Donald
Zend Certified Engineer
MySQL Core Certification
http://destiney.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
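
The allowlist approach described in the message above, as an added example that is not code from the original post or its author: only tags on a fixed list survive, and every attribute is dropped rather than validated, since PHP's strip_tags() with an allowed-tags argument leaves attributes such as event handlers on the tags it keeps. The tag lists, function names and sample input are assumptions made for illustration.

```php
<?php
// Added example. Tag lists and function names are assumptions, not from the post.
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'u', 'p', 'br', 'blockquote', 'code'];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];

function clean_node(DOMNode $node): void
{
    // Snapshot the child list first, because the loop mutates the tree.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMText) {
            continue; // text is kept; saveHTML() escapes it on output
        }
        $name = strtolower($child->nodeName);
        if (!($child instanceof DOMElement) || in_array($name, DROP_WITH_CONTENT, true)) {
            $node->removeChild($child); // comments, PIs, and tags dropped with their content
            continue;
        }
        clean_node($child); // clean descendants before deciding about this tag
        if (in_array($name, ALLOWED_TAGS, true)) {
            // Allowed tag: keep it, but strip every attribute (style, on*, href, ...).
            while ($child->attributes->length > 0) {
                $child->removeAttributeNode($child->attributes->item(0));
            }
        } else {
            // Disallowed tag (e.g. <span>): keep its cleaned children, drop the tag.
            while ($child->firstChild !== null) {
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
        }
    }
}

function sanitize_post(string $html): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // user markup is expected to be sloppy
    // The <div> wrapper is not on the allowlist, so clean_node() unwraps it again.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }
    clean_node($body);
    $out = '';
    foreach ($body->childNodes as $n) { $out .= $doc->saveHTML($n); }
    return $out;
}

// Constructed sample input: an attribute on an allowed tag, a disallowed tag, a script.
$input = '<b onmouseover="alert(1)">bold</b> <span style="color: red">x</span>'
       . '<script>alert(2)</script><i>ok</i>';
echo sanitize_post($input), "\n";
```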


