Hello!

I'm using a WYSIWIG HTML editor where users can enter html/text that will then be visible by others on my website. The editor itself converts "dangerous" html to html entities. The problem is that a user could turn off javascript and enter what they'd like. I've added the code:

Code:
<noscript>
    <style type="text/css">
        #javascript_detection {display:none;}
    </style>
    <div class="noscriptmsg">
   My site relies on javascript for part of its functionality, so be sure that it's enabled in your browser.<br />If you're not sure how to do this, go to Help under your browser's menu.
    </div>
</noscript>
And wrapped each page in a javascript_detection tag. This way, if someone does disable the javascript, they won't be able to actually get to the page (I think!).

Is this method a sound way to secure this aspect of my site. (And, as a PS, I protect against SQL injection on the server side of things).

Thanks so much,

Eric