[Andre_h2]

Hey guys,
i was just wondering if someone new a way to secure a forum of Javascript posts.

<img> and <a> tags are allowed.
If someone would do
<img src="javascript:alert(document.cookie)">
it would not be that great. (the same for <a>)

Is there a way to figure out that this image or link contains javascript and i'm just deleting that part of the message?

i guess it would be something with eregi and strpos but i'm not quite sure how to do it.

Any Help would be appreciated, thanks.

[gneato]

Best way to get around this, if you can, is by using an alternative markup, like the standard quare bracket type... e.g. [url ]http://blah[/url] and [b ]bold[/b]

Then you do some eregi_replace commands and you're all set.

You could also allow simple <b> and <i> and <u> tags, that's a part of the strip_tags function.