I just started a site at http://ezweb.exaro.org for newbie html addicts, that need a site real quick. I'm using a form to provide choices for text, alignment, and colors of a webpage, and it will spit out some html to paste into a document. Right now it's only in it's early stages (no colors, and one template) But what I really needed was to know if anyone knew how to prevent people putting html tags into the form. Something that limits them only to <a>, <b>, <i>, and <br>, and anything else, will just print as an html tag on their page.
my approach: - replace all <XXX> with <XXX> [str_replace or any regular expression] - replace back to things you want to supprt : ( <BR> ==> <br /> etc) quick and dirty - but doable in a few minutes