> no, because htmlspecialchars will encode <> signs No good idea! http://applesoup.googlepages.com/bypass_filter.txt Maybe the security team should check this out ... HTH Joey