Here are two new patches for Pixelpost 1.5Beta for comments, which I feel do a more complete job of preventing XSS:
- The first is based on the class here http://svn.bitflux.ch/repos/public/p...ernalinput.php and can prevent all the XSS attacks outlined in the XSS Cheatsheet while still allowing some useful HTML.
- The second strips out the HTML tags and then converts anything remaining to htmlentities; in effect, this will allow only plain text comments.
Hope that helps, and standard disclaimers apply.
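The second approach described in the post (strip tags, then entity-encode whatever is left), written out as an added example that is not part of the post or of Pixelpost's own patch. The function name `sanitize_comment_plaintext` and the sample inputs are constructed for illustration; the first, allowlist-based patch is not reproduced here because the linked class is truncated in the post.

```php
<?php
// Added example, not Pixelpost's own code. Function name is an assumption.

/**
 * Reduce an untrusted comment to plain text that is safe to echo into an
 * HTML text or attribute context.
 *
 * Step 1: strip_tags() with no allowlist removes every HTML/PHP tag.
 * Step 2: htmlentities() encodes any remaining metacharacters (<, >, &, ", ')
 *         so that text which merely looks like markup can never become markup.
 *
 * Step 2 is the real safety net: strip_tags() on its own is a lossy tag
 * remover, not an XSS filter, and must not be relied on by itself.
 */
function sanitize_comment_plaintext(string $comment): string
{
    $text = strip_tags($comment);
    return htmlentities($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs: benign text, harmless markup, and the kind of
// payloads the XSS Cheatsheet catalogues. Useful as a regression check for the
// patch rather than as anything to send at a live site.
$samples = [
    'Nice photo!',
    'Look <b>here</b>',
    '<script>alert(1)</script>hello',
    '<img src=x onerror=alert(1)>',
    'a < b && c > d',
    '"quoted" and \'single\' text',
];

foreach ($samples as $in) {
    $out = sanitize_comment_plaintext($in);
    // After the encode step no raw '<', '>' or '"' can remain in the output,
    // regardless of how strip_tags() happened to treat malformed markup.
    $clean = strpbrk($out, '<>"') === false;
    printf("%-40s => %s  [metacharacters left: %s]\n",
        $in, $out, $clean ? 'none' : 'YES');
}
```

The output of this function is only safe where a comment is inserted as HTML text or into a quoted attribute value; inserting it into a `<script>` block, an inline event handler or a URL needs context-specific encoding instead. For the allowlist variant the post mentions, the same final check (no unencoded metacharacters outside the allowed tags) is what a reviewer should verify in the patched code.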