Lauri Harpf wrote:
Now, if I make a point of not "chmod 755"ing the .html files in question, the server should be safe from someone feeding a html file with an embedded PHP script, right? Is there something else I should be looking out for - or is there an even better way of handling the transferring of the HTML code from the application to the user?
Well, unless you have set your server up to execute PHP or CGI scripts in .html files, which is a very bad idea, the only thing you need to worry about is client-side scripting. You could just filter out all <script></script> tags if client-side scripting isn't important for your application...
Jasper -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
