[thelist] Using PHP to let folks add comments
Simon Willison
cs1spw at bath.ac.uk
Sun Sep 14 15:57:08 CDT 2003
Timothy J. Luoma wrote:
> What I don't want is someone to be able to put in javascript or evil
> HTML that does something nasty to the page. I would like them to be
> able to include regular links.
>
> I am trying to keep the page XHTML 1.0 Strict.
You might find my SafeHTMLChecker class interesting - it uses an XML
parser to check that submitted comments are valid XHTML and that they
don't contain "dangerous" tags or attributes. I've been using it on my
blog for 6 months and it seems to have done a pretty good job:
http://simon.incutio.com/archive/2003/02/23/safeHtmlChecker
Cheers,
Simon
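
The approach described in the message above, as an added PHP example that is not part of the original post and is not the SafeHTMLChecker source: parse the comment with an XML parser, then reject anything outside an allowlist. The `check_comment` name, the tag, attribute and link-scheme allowlists, and the sample comments are assumptions made for illustration.

```php
<?php
// Added illustration, not the SafeHTMLChecker source; both allowlists are assumptions.
const ALLOWED = [                       // tag => permitted attributes
    'p' => [], 'em' => [], 'strong' => [], 'blockquote' => [], 'code' => [],
    'a' => ['href'],
];
const SCHEMES = ['http', 'https', 'mailto'];

function check_comment(string $xhtml): array
{
    // Comments, CDATA and processing instructions are well-formed XML, but a
    // browser reading the page as text/html parses them differently: refuse.
    if (strpos($xhtml, '<!') !== false || strpos($xhtml, '<?') !== false) {
        return ['comments, CDATA and processing instructions are not allowed'];
    }
    $errors = [];
    $seenRoot = false;
    $parser = xml_parser_create('UTF-8');
    xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0); // <SCRIPT> stays distinct
    xml_set_element_handler(
        $parser,
        function ($p, $tag, $attrs) use (&$errors, &$seenRoot) {
            if (!$seenRoot) { $seenRoot = true; return; }   // wrapper root added below
            if (!array_key_exists($tag, ALLOWED)) {
                $errors[] = "tag not allowed: $tag";
                return;
            }
            foreach ($attrs as $name => $value) {
                // The parser has already decoded entities such as &#106; here.
                $scheme = strtolower((string) parse_url(trim($value), PHP_URL_SCHEME));
                if (!in_array($name, ALLOWED[$tag], true)) {
                    $errors[] = "attribute not allowed: $name on $tag";
                } elseif (!in_array($scheme, SCHEMES, true)) { // only href reaches here
                    $errors[] = "link scheme not allowed: $value";
                }
            }
        },
        function ($p, $tag) {}
    );
    // Any parse error (unclosed tag, second root element, ...) rejects the comment.
    if (!xml_parse($parser, "<wrapper>$xhtml</wrapper>", true)) {
        $errors[] = 'not well-formed: ' . xml_error_string(xml_get_error_code($parser));
    }
    return $errors; // an empty array means the comment passed
}

// Constructed sample comments
foreach (['<p>See <a href="http://example.com/">this</a></p>', '<p onclick="x()">hi</p>',
          '<a href="&#106;avascript:x()">x</a>', '<p>unclosed <em>tag</p>'] as $c) {
    echo $c, ' => ', json_encode(check_comment($c)), "\n";
}
```

Because the scheme check is an allowlist, relative links are rejected as well; add handling for them only if the site needs it.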