E
Earl Teigrob
I want to allow users to input html (via a rich text box) or directly, into
a form field, save it in a data store and then output that html to the
browser, but not allow cross-site scripting.
What is the minimum that I need to filter to prevent cross-site scripting?
Can it check for any occurance of the "<script" tag and alter it so that no
usable javascript can be inserting with the HTML?
Thanks
Earl
a form field, save it in a data store and then output that html to the
browser, but not allow cross-site scripting.
What is the minimum that I need to filter to prevent cross-site scripting?
Can it check for any occurance of the "<script" tag and alter it so that no
usable javascript can be inserting with the HTML?
Thanks
Earl