"Visual Input Security" (
http://www.peterblum.com/vise/home.aspx) includes
validators that protect against Cross Site Scripting attacks, like you
describe. It Its validators are much more powerful than what you've
described because hackers can avoid those four nasty tags and still cause
these attacks. It also handles attacks on your database through SQL
Injection.
--- Peter Blum
www.PeterBlum.com
Email:
PL****@PeterBlum.com
Creator of "Professional Validation And More" at
http://www.peterblum.com/vam/home.aspx
"Buddy Ackerman" <bu**********@buddyackerman.com> wrote in message
news:O6**************@TK2MSFTNGP09.phx.gbl...
I have a form into which users will enter text. I want the user to be able
to enter "some" HTML however I would like to prevent "bad" HTML. The "bad"
HTML would be things like <SCRIPT>, <OBJECT>, <APPLET>, etc. Does anyone
know of a good server side validator that will catch this type of "bad"
HTML input while allowing the acceptable input?
--Buddy