Is it common practice to not accept form submissions from users that contain HTML code? I run a local classifieds site and was wondering if I should prevent users from having the ability to submit HTML code in their listings.
Thanks.
ali91
8:28 pm on Dec 10, 2008 (gmt 0)
you must prevent user from submiting html couse they can exploit it in cross site scripting exploit so if u using php use the function htmlspecialchars() to filter the form data
