Hi,
Ken's suggestion will work; note however that it opens a possible
security hole where users will be able to insert executable script into
the database which will propagate later into the client's browsers. If
these are running in a "trusted" security zone (quite common in a
company's intranet), it will be able to more or less execute arbitrary
code (at least when run IE with active scripting enabled).
I'd recommend to tidy the input into XHTML, and then use XSLT just to
copy over those XHTML elements considered "safe" (such as <b>, <i>),
filtering out everything else.
Julian
--
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760