[pmwiki-devel] Quick preg_replace question...
The Editor
editor at fast.st
Fri Apr 27 09:01:09 CDT 2007
On 4/27/07, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> FWIW, PmWiki provides the PQA() function, which analyzes HTML
> attributes to make sure they are properly quoted (for XHTML),
> and to suppress any onclick/onfocus/onblur/etc. attributes that
> might be used for XSS attacks.
Always happy to build on your work Pm! Can I run this on the final
output before it is returned? Or should it just be run on the
attributes part of the tag as you seem to have done in your tables?
Cheers,
Dan
PS. Your suggestions got the pattern working. Thanks to you and Hans both!
More information about the pmwiki-devel
mailing list