Security risks allowing link setting by users (HTML Programming forum, Dev Shed)
It's not an XSS/JS injection problem if you only allow people to add links. htmlentities() it, stick it in an href, and you're done.
The only risk is that people will use it to spam/phish/etc. and that should be handled with, at the very least, some sort of moderation mechanism. Blacklists are fine but you will never even get close to catching everything.
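
The approach from the post above, written out as an added example that is not part of the original thread. It goes beyond the post by checking the URL scheme and host before encoding, because htmlentities() leaves a value such as `javascript:...` unchanged. The function name `render_user_link()`, the allowed-scheme list, the `rel` value and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Names and sample data are constructed.

const ALLOWED_SCHEMES = ['http', 'https']; // assumption: only web links are wanted

/** Returns an <a> element for a user-supplied URL, or null if the URL is rejected. */
function render_user_link(string $url, string $label): ?string
{
    $url = trim($url);

    // Reject empty input and any whitespace or control characters inside the
    // URL; browsers drop tabs and newlines, which can hide the real scheme.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }

    // Require an absolute URL with an allowed scheme and a host. parse_url()
    // returns null for a missing component and false for a malformed URL.
    $scheme = parse_url($url, PHP_URL_SCHEME);
    $host   = parse_url($url, PHP_URL_HOST);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ALLOWED_SCHEMES, true)) {
        return null;
    }
    if (!is_string($host) || $host === '') {
        return null;
    }

    // Encode for the attribute and text contexts. ENT_QUOTES covers both quote
    // characters, so the value cannot close the href attribute.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    $href  = htmlentities($url, $flags, 'UTF-8');
    $text  = htmlentities($label, $flags, 'UTF-8');

    // rel="nofollow ugc" marks the link as user-generated, which reduces its
    // value to link spammers; moderation is still needed for phishing.
    return '<a href="' . $href . '" rel="nofollow ugc">' . $text . '</a>';
}

// Constructed sample inputs.
$samples = [
    'https://example.com/page?a=1&b=2', // accepted, "&" is encoded
    'https://example.com/"><b>x',       // accepted, quote and brackets are encoded
    'javascript:void(0)',               // rejected: scheme not allowed
    '//example.com/path',               // rejected: no scheme
];
foreach ($samples as $s) {
    printf("%-36s => %s\n", $s, render_user_link($s, 'user link') ?? '(rejected)');
}
```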