Hi folks,
To keep my tinymce texteditor working using html codes, I removed this function from my posting form. Is there any security issue may occur??? and how to fix this.
Thx in advance
CSS Codes
Junior Coders
htmlspecialchars function
Hi folks,
To keep my tinymce texteditor working using html codes, I removed this function from my posting form. Is there any security issue may occur??? and how to fix this.
Thx in advance
global $Moderator;
Allowing people to post html to your site is always a security issue. It's not a good idea to allow anyone to add their own code and just "trust" that no one will abuse the feature.
Senior Coders
You can allow certain tags, and I'm sure open-source code is available for this. Usually the allowed set is <i> <u> <b> <a> and maybe a few others. Alternatively, several formatting languages are available, at least for blogs.
But why exactly do you need HTML to be modifiable by users? Is it something more complicated than formatting?
New Comer (less than 5 posts)
I'd like to suggest the all powerful BB CODE!
You should try googling a PHP BB Code script
Last edited by thetestingsite; 07-11-2009 at 02:28 AM.
global $Moderator;
As Jesdisciple implied, it all depends on what, exactly, he wants to be able to do. If he actually needs more than formatting, hyperlinks, etc., BB code wouldn't solve the problem. I suspect that may be the case, as tinymce is capable of many (if not more) of the things bb code is.
Posting Permissions
Reply With Quote
Bookmarks