[thelist] Removing tags in an input field: What else to remove?

Joshua OIson joshua at alphashop.net
Mon May 14 11:20:51 CDT 2001


Seth,

I agree with you, but in practice it, the method in which the tags are
removed will play an important part in whether what you say is even
possible.  If the < and > are replaced with character entities &lt; and &gt;
then you can do what you have recommended.  If the intent is to actually
*remove* the offending code, then what you recommend is not feasible.

A person, for example, may be trying to show a simple mathematical proof in
the text area, such as:

if a<b, and b<=c, then a<c

Such a proof would probably break the stripper, or would get removed from
the input, which is probably not what is intended.  Dunno, maybe possibly
offensive code is sent to someone for review before it is posted?  Just a
thought.

-joshua

----- Original Message -----
From: "Seth Bienek" <seth at sethbienek.com>
Subject: RE: [thelist] Removing tags in an input field: What else to remove?


> Hi Ben,
>
> > Basically, is there anything that I'm missing?
>
> It seems like it would be easier (and safer) to allow only your "safe"
tags, rather than eliminate the "unsafe" tags.  Then you have the unknowns
covered as well..
>
> Regards,
>
> Seth





More information about the thelist mailing list