Avoid XSS and allow some html tags with JavaScript

Question

I\'ve got a problem in my current project: Users can send an email using a textarea. We allow the user to put in whatever they want, and thus some HTML for formatting. For e

Answer 1

You can ofcourse allways switch to using BB code, use the same parser for the preview as the form, and then parse the ubb code server side when sending.

See this article if you like to parse the BB code client side for the preview and this for parsing the BB code server-side, assuming you send mails using PHP.