> I asked this question awhile ago and never really visited the issue till > now. The response I got showed me how to disable everything, but I want to > allow basic html tags. http://us3.php.net/strip_tags You can use the optional second parameter to specify tags which should not be stripped. HTH, Brad I ended up using strip_tags (thanks Brad) But to disable other ways of getting javascript to run I also included this.... $pattern = array('/(javascript)/','/([jJ(j)][aA(a)][vV(v)][aA(a)][sS( 5)][cC(c)][rR(r)][iI(i)][pP(p)][tT(t)])/','/(\.[jJ(j) ][sS(s)])/','/([xX][sS(s)][sS(s)])/','/([xX][mM][lL])/'); $candidateNewBio = preg_replace($pattern, '', $candidateNewBio); Is this worthwhile or a waste of time, because it seems to really protect your site, you need have a contingency for every possible attack.... And I don't even know how some of this stuff is even working with my level of understanding -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
