Hey guys. I'm not sure if this has been posted before, but if it's been discussed before then i'm really sorry. I got the guestbook running in my site. And I found out that if you write an entry with characters such as <>, % and so on it'll actually ruins the guestbook entries. For example in the comment area, if you enter comments like <hey flash-db rocks my socks> with the <> it'll actually ruin entries below and nothing will be displayed. same goes to the % character, it'll ruin the entries as well.
on the other side i also discovered that you can embed image into it. for example in the comments area, if you enter in <img src="http://goatse.cx/hello.jpg
my explanation for this is that if your entry is not 'sanitized' then your browser might think that it's a html tag. and that's how script injection works. that's all for now. please excuse my english.
*if you've got anything to add, please feel free to do so.