Hello, I want to allow people to do simple formatting when they write comments in my script. Right now I remove all the tags to prevent XSS attacks. I was just wondering: if I allowed <b>, <p>, <i>, or <br> tags, could those be used for XSS attacks?
This is a PHP problem, but it can be solved with JavaScript too. You could write a menu with your custom codes, like BBCodes, then use JavaScript to replace them in the page with, for example, <b> </b>. Search for examples of how to use match in JavaScript, or regex in JavaScript.
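The custom-code idea from the reply, as an added example that is not part of the thread: escape the whole comment first, then turn only an exact allowlist of BBCode tokens into attribute-free tags, so any markup carrying an attribute (an event handler, for instance) stays inert text. The names escapeHtml, renderComment and PAIRED are hypothetical, and the sample comment is constructed.

```javascript
// Added example: allowlist BBCode renderer for user comments.

// Escape every character that has meaning in HTML text or attribute context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Codes that become paired tags; [br] is handled separately as a void element.
const PAIRED = ['b', 'i', 'p'];

function renderComment(raw) {
  // 1. Neutralise all user-supplied markup, including <b onmouseover=...>.
  let html = escapeHtml(raw);

  // 2. Re-introduce only exact tokens such as [b]...[/b]. The pattern has no
  //    room for attributes, so "[b onclick=x]" never matches and stays text.
  for (const tag of PAIRED) {
    const re = new RegExp(`\\[${tag}\\]([\\s\\S]*?)\\[/${tag}\\]`, 'gi');
    html = html.replace(re, `<${tag}>$1</${tag}>`);
  }

  // 3. Line breaks take no content and no attributes.
  return html.replace(/\[br\]/gi, '<br>');
}

// Constructed sample comment mixing allowed codes with raw HTML.
const sample = '[b]bold[/b] and <i onmouseover="x">raw html</i>[br]next line';
console.log(renderComment(sample));
```

Run the same function wherever comments are turned into HTML for other visitors; a replacement that only happens in the author's own browser does not protect anyone else.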