
Allowing HTML tags in user input...

Hello,

I am creating a site that lets users enter text for their personal profile.

Being security-conscious, I have opted to strip tags, including all JavaScript event handlers (onClick, etc.). However, I would like to allow some text formatting tags. Here is a list of those tags:
b, br, center, font, h1 - h6, i, ol, p, pre, sub, sup, ul.

Is there something I should be concerned about by doing this?

TIA,
Richie.

Comments
Re:Allowing HTML tags in user input...
Re:Re:Allowing HTML tags in user input...

Thanks.

I'm not sure the majority of my targeted visitors would be interested in learning new rules about UBB code. If there is no possible way somebody could use HTML attributes to invoke some action in browsers, then I'd stick with the HTML tags that I've chosen to allow.

You mentioned meta tags. They won't be able to use meta tags, since all tags would be automatically removed, except the ones that I allow.
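
An added example, not code from the thread or from any participant: one way to implement the allowlist described in the first post, using Python's standard `html.parser`. It assumes every attribute is discarded (so `font` keeps no styling), adds `li` so lists keep their items, and the names `ProfileSanitizer` and `sanitize` are hypothetical.

```python
from html import escape
from html.parser import HTMLParser

# Allowlist from the first post; "li" is an assumption added here so that
# ol/ul lists keep their items.
ALLOWED = {"b", "br", "center", "font", "h1", "h2", "h3", "h4", "h5", "h6",
           "i", "ol", "p", "pre", "sub", "sup", "ul", "li"}
VOID = {"br"}                        # allowed tags that take no closing tag
DROP_CONTENT = {"script", "style"}   # the text inside these is removed too


class ProfileSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []    # sanitized output fragments
        self.open = []   # stack of allowed tags emitted and not yet closed
        self.skip = 0    # greater than zero while inside a DROP_CONTENT tag

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif tag in ALLOWED and not self.skip:
            # attrs is never copied, so onclick=, style=, href= and any
            # other attribute cannot reach the rendered page.
            self.out.append(f"<{tag}>")
            if tag not in VOID:
                self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in self.open and not self.skip:
            while self.open:             # also close tags nested inside it
                inner = self.open.pop()
                self.out.append(f"</{inner}>")
                if inner == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # text is always re-escaped


def sanitize(user_html):
    parser = ProfileSanitizer()
    parser.feed(user_html)
    parser.close()
    while parser.open:                   # balance whatever is still open
        parser.out.append(f"</{parser.open.pop()}>")
    return "".join(parser.out)
```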

[nt] Then you are done...

.
