dunno if this belongs here

Posted: Fri May 17, 2002 10:42 pm
by lc
Hia folks

I was rather baffled. I thought I had written some secure scripts, but someone entered something in a GB I wrote that really messed it up.

Code:

<xmpt><plaintext>
I have no idea what that means or what it does. Can anyone explain it to me?

thx
lc

Posted: Fri May 17, 2002 11:55 pm
by fatal
XML is really sensitive about tags; a tag must have a start and an end. Unlike HTML, where you can have tags like <hr> and <br>.

Posted: Sat May 18, 2002 9:27 pm
by lc
Well see that doesn't really mean anything to me.

I have a script online where people can leave messages. I use htmlentities to make HTML impossible, basically.

But I really don't get why this doesn't end up as <xmpt> as text made from <xmpt> but gets viewed as code. I'm rather baffled by it ;)

Posted: Sat May 18, 2002 11:49 pm
by jason
I would use strip_tags() myself.

Also, do you allow people to edit their messages? And if so, do you error check on the edit?

Posted: Sun May 19, 2002 10:59 am
by lc
Thx Jason.. I'll do some tryouts with strip_tags.

In one of the scripts yes I do allow people to edit their own messages, and yup naturally the same checks that are used for the initial message are also used for an edit. Same bit of script actually... just with a couple if/elseif's

Posted: Sun May 19, 2002 11:45 am
by lc
Okie yup strip_tags isn't perfect either but at least it's secure. Thx ;) I'm using it now.
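
Added example, not part of any poster's message: <plaintext> is an obsolete HTML element that makes the browser show everything after it as raw text, so a single entry that reaches the page unencoded breaks the rest of the guestbook. The sketch below compares htmlentities() with strip_tags() on constructed sample entries and routes new and edited messages through the same function; the function names and sample strings are assumptions for illustration.

```php
<?php
// Added example: encode-on-output vs. strip_tags() for guestbook entries.
// Function names and sample messages are constructed for illustration.

// Encode every HTML metacharacter so the browser shows the text literally.
function render_escaped(string $raw): string
{
    return htmlentities($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Remove anything that looks like a tag, then encode what is left,
// because strip_tags() does not encode quotes or '&'.
function render_stripped(string $raw): string
{
    return htmlentities(strip_tags($raw), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Single entry point for both "new message" and "edit message", so an
// edit can never skip the encoding step.
function render_entry(string $raw, bool $strip = false): string
{
    $body = $strip ? render_stripped($raw) : render_escaped($raw);
    return '<div class="entry">' . nl2br($body) . "</div>\n";
}

// Constructed sample submissions.
$samples = [
    '<xmpt><plaintext>',         // the entry quoted in the thread
    'a<b and c>d',               // ordinary text; strip_tags() may drop part of it
    'nice site "lc" & friends',  // quotes and ampersand
];

foreach ($samples as $raw) {
    foreach ([false, true] as $strip) {
        $html = render_entry($raw, $strip);
        // Self-check: apart from our own wrapper and <br />, no '<' may survive.
        $inner = substr($html, strlen('<div class="entry">'), -strlen("</div>\n"));
        $inner = str_replace('<br />', '', $inner);
        if (strpos($inner, '<') !== false) {
            throw new RuntimeException('unencoded markup in output');
        }
        printf("%-8s %s", $strip ? 'strip:' : 'escape:', $html);
    }
}
```

Running it side by side shows the trade-off mentioned in the thread: encoding keeps the visitor's text intact, while stripping can silently delete text that merely contains angle brackets.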

Posted: Fri May 24, 2002 8:25 pm
by volka
XMTP <-> eXtensible Mail Transport Protocol
but I've never seen a <xmpt>-tag 8O