[TYPO3-typo3org] buzz.typo3.org: Posting form allows HTML tags

Rupert Germann rupi at gmx.li
Tue Jan 16 10:04:18 CET 2007

Hi Stucki,

Michael Stucki wrote:
> See
> The posting form does not filter HTML tags, thus it could be possible to
> submit much worse content than I tried to do.

All HTML tags are completely removed from the input by strip_tags(). So I'm
quite sure that you couldn't do any worse things with this ;-)

But we have a spam problem on this site:

I'll install a captcha.

