Hi!
I have been making a chat program.
In PHP I control user inputs with htmlentities so they can't write HTML. But this also ruins the precious æøåöüÿëäñ etc. characters!
Would it be safe to only remove the < and >s?
Or is there another way to avoid this?

Although you need to be a bit more precise as to what you're preventing... just HTML? Or JavaScript/XSS or some other form of malicious code?

I want to prevent people from ruining it. I want no loopholes.

http://www.the-art-of-web.com/php/parse-links/ to prevent all sorts of javascript ...

Use HTML Purifier (google it) for removing XSS, to be doubly sure about malicious JavaScript

strip_tags method to remove HTML ...

Also, I don't know how exactly your chat client is working, so further security is up to you

When I use htmlentities with the charset UTF-8, it works. Thanks for your help anyway :)
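
The charset behaviour this thread ends on, as an added example that is not code from any of the posts: it compares stripping only < and > with escaping under an explicit UTF-8 charset, and shows what a single-byte charset does to UTF-8 input. The function names and sample messages are constructed for illustration, and the file is assumed to be saved as UTF-8.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: escape a chat message for output in HTML text or
// inside a quoted attribute value.
function escape_chat_message(string $raw): string
{
    // htmlspecialchars() converts only & < > " and ', so æøå pass through.
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 byte sequences with U+FFFD instead of returning an empty string.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The approach asked about in the first post: remove only < and >.
// Quotes and ampersands are left as they are, so the result is not safe
// to place inside an attribute value.
function strip_angle_brackets(string $raw): string
{
    return str_replace(['<', '>'], '', $raw);
}

// Constructed sample messages.
$samples = [
    'Blåbærsyltetøy & crème brûlée, señor',  // non-ASCII text
    '<b>bold?</b>',                          // markup typed by a user
    'say "hi" & \'bye\'',                    // quotes and an ampersand
    "caf\xE9",                               // Latin-1 byte, invalid as UTF-8
];

foreach ($samples as $msg) {
    printf("stripped: %s\n", strip_angle_brackets($msg));
    printf("escaped:  %s\n\n", escape_chat_message($msg));
}

// htmlentities() with a single-byte charset reads each byte of a UTF-8
// character as its own Latin-1 character and emits an entity per byte.
printf("ISO-8859-1: %s\n", htmlentities('æøå', ENT_QUOTES, 'ISO-8859-1'));

// With the charset stated as UTF-8, each character becomes one named entity.
printf("UTF-8:      %s\n", htmlentities('æøå', ENT_QUOTES, 'UTF-8'));
```

The page itself also has to be served as UTF-8 (for example with a `Content-Type: text/html; charset=UTF-8` header) for the unescaped characters to display correctly.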