I want to be able to let users of a web site enter html code to create a web page. I do not however, want to allow them to use any scripting of any kind. Can anyone suggest a way to parse the code they enter and remove any types of scripting? As always, I appreciate any and all responses and thoughts. Thanks.
Just a thought, never tried this out:
Make a list of "allowed html tags" and replace all the "<" and ">" of not-allowed tags with the < that should make the script unparsable to your webserver, forcing it to print it intead of executing it.
