in reply to Stopping the abuse

Well, the easiest way is to 'literalize' the left bracket. Say that you have captured your user's post into the variable $posted_html. Simply substitute all occurrences of < with &lt;:
$posted_html =~ s/</&lt;/g;
This will disable ALL rendering of HTML tags. It also has the side effect of displaying what the user tried to submit. You could also try to strip out the tags, but this is really a fine art. What if you want to allow some tags like <b> and <u> but disable others like <a> and <script>? Your code will need to be sophisticated. Incidentally, this is what the code in Why I like functional programming addresses.

jeffa

L-LL-L--L-LL-L--L-LL-L--
-R--R-RR-R--R-RR-R--R-RR
B--B--B--B--B--B--B--B--
H---H---H---H---H---H---
(the triplet paradiddle with high-hat)
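The two approaches above side by side, as an added example that is not code from jeffa's post: the first sub literalizes '<' as the post suggests but also takes care of '&', '>' and '"' (escaping '<' alone stops tags from rendering, but a raw '&' still gets parsed as an entity and quotes matter once the value is echoed inside an attribute); the second sub lets exactly <b>, <u> and their closing tags through and literalizes everything else. The sub names and the sample post are this example's own, not the thread's.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Literalize every character an HTML parser cares about, not only '<'.
# '&' goes first so the entities produced by the later substitutions are
# not themselves re-escaped; '"' matters when the text lands in an attribute.
sub escape_html {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    return $s;
}

# Whitelist variant: <b>, <u> and their closing tags pass through untouched;
# any other '<', '>', '&' or '"' is escaped. The allowed tags are matched as
# exact, lowercase, attribute-free tokens, so <b onmouseover="..."> does not
# qualify and is literalized like any other tag.
sub allow_simple_tags {
    my ($s) = @_;
    # Alternation is ordered: an allowed tag is tried before the single-char
    # fallback, so it always wins where both could match.
    $s =~ s{ ( </?(?:b|u)> ) | ( [<>&"] ) }
           { defined $1 ? $1 : escape_html($2) }gex;
    return $s;
}

# Constructed sample post (not from the thread) mixing allowed tags, a
# scripted link, a raw ampersand and an allowed tag carrying an attribute.
my $posted_html = join ' ',
    '<b>bold</b> and <u>underlined</u>',
    '<a href="#" onclick="alert(\'a ha\')">boo</a>',
    'Tom & Jerry',
    '<b onmouseover="alert(1)">not allowed</b>',
    '<script>document.cookie</script>';

print "escaped:\n",  escape_html($posted_html),       "\n\n";
print "filtered:\n", allow_simple_tags($posted_html), "\n";
```

Note what the whitelist version does with the <b onmouseover="alert(1)"> sample: the opening tag is literalized because it is not the exact token <b>, while its closing </b> is still let through. The stray closing tag is harmless, but it shows that a substitution-based filter is not a balancing parser, which is part of why jeffa calls tag stripping a fine art.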

Re: (jeffa) Re: Stopping the abuse
by Anonymous Monk on May 30, 2002 at 07:46 UTC
    Hi, I'm the author. It worked, thanks. Something so simple, I'd never expected it. Haha.
Re: (jeffa) Re: Stopping the abuse
by thpfft (Chaplain) on May 30, 2002 at 19:49 UTC

    That is neat, but you'd also need to s/// ASCII codes like:

    \x3Ca href="#" onclick="alert('a ha')">boo\x3C/a>

    and no doubt lots of other tricks. It's generally better to strip everything out than to try and keep up with the kids, I've found.

    Update: completely wrong, as jeffa was tactful enough to point out privately. The translation of the ASCII character happens in Perl, not in the browser. I tested with a qq|| string and didn't look at the HTML source. Slap.