From: Kristian K. <kr...@ko...> - 2002-12-26 09:35:20
On Thu, 26 December 2002 00:05, lrargerich wrote:
> I guess that allowing only some harmless HTML tags cannot do any damage at
> all and will show the email in a more user-friendly way. So I believe that
> pulling potentially harmful HTML tags and letting the other tags
> stay is a good policy.

It is not only the tags that are dangerous. Any tag may have attributes such as style, onmouseover, and other JavaScript attributes. Please see the documentation for strip_tags (http://php.net/strip_tags). Also note that PHP does not provide native tools to strip certain attributes from certain tags (that would be a worthwhile addition to PHP).

Kristian

--
http://www.amazon.de/exec/obidos/wishlist/18E5SVQ5HJZXG
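Added example, not part of Kristian's mail and not code from PHP itself: it first shows that strip_tags() with an allow-list keeps every attribute on the allowed tags, then implements the attribute-level filter that PHP lacks natively, on top of ext/dom. Assumes PHP 7.1 or later with ext/dom; the $input string, the function names sanitize_html/clean_children and the $allowed list are constructed for illustration.

```php
<?php
// Constructed sample input (not from the mail): "harmless" tags that carry
// dangerous attributes, plus a <script> that strip_tags() would remove anyway.
$input = '<p>Hi <b onmouseover="alert(1)" style="color:red">there</b> '
       . '<a href="javascript:alert(2)">click</a> <script>alert(3)</script></p>';

// strip_tags() with an allow-list keeps the listed tags and every attribute
// on them: onmouseover, style and the javascript: href all survive.
echo strip_tags($input, '<p><b><a>'), "\n";

// What PHP does not offer natively: keep only listed tags and, on those, only
// listed attributes. Built on ext/dom so the input is parsed as HTML rather
// than matched with regexes. $allowed maps tag name => permitted attributes.
function sanitize_html(string $html, array $allowed): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);          // tolerate sloppy markup quietly
    // The <?xml ...> prefix makes libxml read the fragment as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"?><div>' . $html . '</div>');
    libxml_clear_errors();
    $root = $doc->getElementsByTagName('div')->item(0);
    clean_children($root, $allowed);
    $out = '';
    foreach ($root->childNodes as $child) {    // serialise without the wrapper
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

function clean_children(DOMNode $parent, array $allowed): void
{
    // Walk a snapshot: the tree is modified during the loop.
    foreach (iterator_to_array($parent->childNodes) as $node) {
        if ($node instanceof DOMComment) {
            $parent->removeChild($node);       // nothing useful in comments
            continue;
        }
        if (!$node instanceof DOMElement) {
            continue;                          // text nodes are inert as text
        }
        $tag = strtolower($node->tagName);
        if (in_array($tag, ['script', 'style', 'iframe', 'object', 'embed'], true)) {
            $parent->removeChild($node);       // drop element and its content
            continue;
        }
        clean_children($node, $allowed);       // clean descendants first
        if (!isset($allowed[$tag])) {
            // Disallowed tag: keep its (cleaned) children, drop the tag itself.
            while ($node->firstChild !== null) {
                $parent->insertBefore($node->firstChild, $node);
            }
            $parent->removeChild($node);
            continue;
        }
        // Allowed tag: remove every attribute not listed for it, and URL
        // attributes whose scheme is not explicitly permitted (allow-list,
        // so javascript:, data:, vbscript: and obfuscated variants all fail).
        foreach (iterator_to_array($node->attributes) as $attr) {
            $name  = strtolower($attr->name);
            $isUrl = in_array($name, ['href', 'src'], true);
            if (!in_array($name, $allowed[$tag], true)
                || ($isUrl && !preg_match('#^(https?:|mailto:|/|\#)#i', trim($attr->value)))) {
                $node->removeAttributeNode($attr);
            }
        }
    }
}

// Hypothetical policy: a few inline tags, and only href on links.
$allowed = ['p' => [], 'b' => [], 'i' => [], 'a' => ['href']];
echo sanitize_html($input, $allowed), "\n";
```

The first echo prints the input with only the <script> element removed, which is exactly the onmouseover, style and javascript: href the mail warns about. The second leaves only the allow-listed tags, with the style and onmouseover attributes gone and the javascript: href dropped because its scheme is not on the permitted list; a disallowed tag such as <div onclick="..."> is unwrapped so its text is kept while the tag and its handler disappear.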