Al wrote:
> Good point about the '<script> evil haxor code here; </script>'. That's
> bad for our users, not the site, per se.

what is bad for your users is bad for your site; on top of that, the script is running in the context of your domain - all sorts of nasty possibilities that could affect your site.

>
> Raw text to html is primarily done with a series of preg_replace()
> operations.

what/how [exactly] the transformation is done determines whether you're safe.

>
> No include() or exec() allowed near the text.
>
> Sounds like I'm in pretty good shape.

maybe, maybe not - see above. (do you practice any sports? ;-P)

...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
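
The point made in the reply above, that how the preg_replace() transformation is done decides whether the output is safe, shown as an added example that is not code from either poster. The function names, URL patterns and sample input are assumptions constructed for illustration.

```php
<?php
// Added example. Function names and sample input are constructed for illustration.

// Unsafe: preg_replace() runs on the raw text, so markup typed by the user
// passes straight through to the page.
function text_to_html_unsafe(string $raw): string
{
    $html = preg_replace('~\bhttps?://\S+~i', '<a href="$0">$0</a>', $raw);
    return nl2br($html);
}

// Escaped first: every character of user input is neutralised, and the only
// tags in the output are the ones the replacement patterns add afterwards.
function text_to_html_escaped(string $raw): string
{
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // Match http(s) URLs only, stopping before an escaped quote or angle
    // bracket so the entity is not swallowed into the href.
    $url = '~\bhttps?://(?:(?!&(?:quot|lt|gt|#039);)\S)+~i';
    $safe = preg_replace($url, '<a href="$0" rel="nofollow">$0</a>', $safe);
    return nl2br($safe);
}

// Constructed sample input, using the string quoted in the thread.
$post = "See http://www.php.net/?a=1&b=2\n"
      . "<script> evil haxor code here; </script>";

echo text_to_html_unsafe($post), "\n\n";
echo text_to_html_escaped($post), "\n";
```

The first call emits the script element unchanged; the second emits it as `&lt;script&gt;` text while still producing the link and the line break.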