Blog Script Help

[BaLtAzAr]

Hello everyone.I am learning php and I started with the development of blog scripts.Most of the scripts I did for example:-Admin can add post-Admin can edit post-Admin can delete the post-Admin can give another user admin-Admin can change any code-Admin can delete someone adminThis is only the v1 in the next version will be much more botheringme but now if one admin to another user, admin, and now the adminthrough the form they want to add a post and put in a post such as:<script type = "text / javascript">windows.location = ("http :/ / www.google.com")</ script>Now when someone wants to look at this post because it will not be able to redirect it to the site www.google.comPosts are entered via the form to the mysql databaseNow I want to deprive any unso script or to prohibit entry <script> iltag to deprive <? php header ('Location: http://www.yoursite.com/new_page.html');?>Thanks in advance

[BaLtAzAr]

bump

[birbal]

i am not sure about your question. doyou want to stop inserting executing external scripts?

[justsomeguy]

If you want to protect against things like XSS attacks then I would recommend using something like HTMLPurifier.

[BaLtAzAr]

If you want to protect against things like XSS attacks then I would recommend using something like HTMLPurifier.

Do you write me to me some code to prohibit entry XSS code and php scripts to redirect? Sory for bad english Edited May 2, 2012 by BaLtAzAr