[thelist] Using PHP to let folks add comments

Simon Willison cs1spw at bath.ac.uk
Mon Sep 15 04:24:51 CDT 2003


Tony Crockford wrote:
>> http://simon.incutio.com/archive/2003/02/23/safeHtmlChecker
> 
> when I visited that link in Opera 7.2 I got a javascript alert "maybe 
> this works" so maybe it doesn't?

Doh! I just checked my Opera version and I'm still testing with 6. I had 
a look though and I'm pretty sure the trick that person used (an XML 
stylesheet declaration) is filtered out by a bug fix I made to the code 
later that day. The current version of the script on the site should 
defend against that exploit.

Cheers,

Simon