Author: zores <hi>
Date: 8/6/2017 9:10:25 AM
Subject: RE: Server move.

so wherever your variable is for your user_input

apply a whitelist that says only alphanumeric is allowed

disallow special characters from being reflected back in the response

you can create pseudo rich html tags and replace them in your code with the equivalent html tags, so that would stop injection attacks as well

i.e. if user wants to use <img>, use a method to replace your own defined syntax of [img] to <img>, disallow everything else
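A sketch of the approach described in the post above, added here as an example and not code from the original poster. The `[img]URL[/img]` form, the http(s)-only URL rule, and allowing spaces and newlines alongside alphanumerics are assumptions.

```python
import re

# Assumed pseudo-tag syntax: [img]URL[/img] (the post only names "[img]").
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)

# Assumed URL whitelist: http(s) only, conservative characters, no query
# string, so quotes, spaces, angle brackets and other schemes never match.
SAFE_URL = re.compile(
    r"https?://[A-Za-z0-9.-]+(?::[0-9]+)?(?:/[A-Za-z0-9._~/-]*)?"
)

# Whitelist for ordinary text: ASCII alphanumerics, plus space and newline
# (assumption) so that normal sentences survive the filter.
NOT_ALLOWED = re.compile(r"[^A-Za-z0-9 \n]")


def whitelist_text(text: str) -> str:
    """Drop every character that is not on the whitelist."""
    return NOT_ALLOWED.sub("", text)


def render_user_input(text: str) -> str:
    """Filter user input and expand only well-formed [img] pseudo-tags."""
    out = []
    pos = 0
    for match in IMG_TAG.finditer(text):
        # Text between pseudo-tags only ever passes through the whitelist.
        out.append(whitelist_text(text[pos:match.start()]))
        url = match.group(1).strip()
        if SAFE_URL.fullmatch(url):
            # The server writes the real tag; the user supplies only a URL
            # that has already matched the whitelist in full.
            out.append('<img src="%s" alt="">' % url)
        else:
            # Rejected pseudo-tag: treat it as plain text and filter it.
            out.append(whitelist_text(match.group(0)))
        pos = match.end()
    out.append(whitelist_text(text[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(render_user_input("pic [img]https://example.com/a.png[/img] end"))
    print(render_user_input("hello <script>alert(1)</script>"))
```
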