2 Replies Latest reply on Nov 14, 2007 7:04 AM by Kaplanconstruct

    Form input security

    Kaplanconstruct Level 1
      I have heard a lot about hackers submitting code through forms to jack with websites and I'm trying to avoid this without pissing off my users. Right now I just reject a post if they use < or >. However I'm finding users are needing to use those symbols.

      Question, are using HTMLCodeFormat() or HTMLEditFormat() safe ways of displaying user entered tags and preventing hacker scripts? My assumption is no. Any best practice ideas on this?