MysterySword

I (heavily) modified a PHP-fusion theme, so I pretty much made the theme. Yeah, I'll admit it's not that easy on the eyes. I'll eventually make a PHP site without a CMS...

http://www.otakunetwork.com What do you think of my site? I recently finished Version 2 of the site, and would like to know what to fix up on, and how to make it more appealing...

Ouch. That seems like a lot. Oh well, as it's said, "better to be safe than sorry". EDIT: Nevermind, I forgot there was already a function that striped JavaScript so it wouldn't run. Thanks for your help, anyway.

Well, I made a system where users can use CSS to change the look of their profiles. However, I'm worried about vulnerabilities in the submitted CSS code. Here's the code in the profiles that run the custom CSS: echo "<STYLE type=\"text/css\">".$user_data['user_css']."</STYLE>\n"; I'm free from MySQL errors, because of a command that strips input, but I'm talking about when that code is activated in the profile. I believe JavaScript can run within CSS, so is it possible to disable that?