J
johnzenger
Is there a module (or, better yet, sample code) that scrubs
user-entered text to remove cross-site scripting attacks, while also
allowing a small subset of HTML through?
Contemplated application: a message board that allows people to use
<b>, <a href="">, <i> and so on, but does not allow any javascript,
vbscript, or other nasties.
user-entered text to remove cross-site scripting attacks, while also
allowing a small subset of HTML through?
Contemplated application: a message board that allows people to use
<b>, <a href="">, <i> and so on, but does not allow any javascript,
vbscript, or other nasties.