Re: [Tikiwiki-devel] WebMail question

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Am Do 26.Dezember 2002 00:05 schrieb lrargerich:
> I guess that allowing only some harmless HTML tags cannot do any damage=
 at
> all and will show the email in a more user-friendly way. So I believe t=
hat
> pulling potentially harmful HTML tags and letting the other tags
> stay is a good policy.

It is not only the tags that are dangerous. Any tags may have attributes =
such=20
as style, onmouseover, and other Javascript attributes. Please see the=20
documentation for strip_tags (http://php.net/strip_tags). Also note, that=
 PHP=20
does not provide native tools to strip certain attributes from certain ta=
gs=20
(that would be a worthwile addition to PHP).

Kristian

--=20
http://www.amazon.de/exec/obidos/wishlist/18E5SVQ5HJZXG

Re: [Tikiwiki-devel] WebMail question

The Free / Libre / Open Source Web App with the most built-in features

Re: [Tikiwiki-devel] WebMail question