Page 1 of 1
avoiding tags in comments and post titles
Posted: Mon Mar 08, 2010 8:34 pm
by scarface222
Hey guys, quick question, was wondering if anyone knew a smart way to avoid users posting div tags or something in a topic title or comment that the browser will take literally, that will mess up the display of the page.
Re: avoiding tags in comments and post titles
Posted: Mon Mar 08, 2010 8:44 pm
by requinix
Always run user input through
htmlentities (better) or
htmlspecialchars (okay) before displaying it.
Re: avoiding tags in comments and post titles
Posted: Mon Mar 08, 2010 10:03 pm
by scarface222
thanks man