Page 1 of 1

avoiding tags in comments and post titles

Posted: Mon Mar 08, 2010 8:34 pm
by scarface222
Hey guys, quick question, was wondering if anyone knew a smart way to avoid users posting div tags or something in a topic title or comment that the browser will take literally, that will mess up the display of the page.

Re: avoiding tags in comments and post titles

Posted: Mon Mar 08, 2010 8:44 pm
by requinix
Always run user input through htmlentities (better) or htmlspecialchars (okay) before displaying it.

Re: avoiding tags in comments and post titles

Posted: Mon Mar 08, 2010 10:03 pm
by scarface222
thanks man