You could add a rich text editor such as CKEditor to your form; it’s the same one used here on SP.
Pros:
it’ll be easier for your visitors to mark up their comments
you can easily add extra plugins to expand the functionality of the editor
Cons:
pages may take a little longer to load
you’ll have to be extra careful keeping the plugin up-to-date
you’ll have to be extra careful checking and escaping what your visitors enter, and stripping out unwanted HTML/script/CSS
if you want your users to be able to enter BBCode instead of HTML, you’ll need to find a special plugin to do that - this forum uses some custom script to turn the rich text editor into a BBCode editor
As for security risks, yes, you’ll have to be extra careful, RTEs are quite often misused as attack vectors. But as long as you keep everything up-to-date, it should be OK.
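To make the “checking and escaping” point concrete, here is an added example of a server-side allowlist sanitizer for the HTML a rich text editor posts back. It is not CKEditor’s code and not from anyone in this thread; it assumes PHP with the DOM extension, and the tag/attribute allowlist is a hypothetical choice for a comment form that you would adjust to what your editor is configured to produce. The idea is the standard defensive one: parse the submitted markup, keep only known-harmless elements and attributes, drop script/style and event handlers entirely, and only let `http`, `https` and `mailto` links through.

```php
<?php
// Added example (not from the original thread): allowlist sanitizer for HTML
// submitted through a rich text editor. Assumes PHP 7+ with ext/dom.
// ALLOWED_TAGS is a hypothetical allowlist for a comment form: element name
// => attributes permitted on it. Everything not listed is removed.
const ALLOWED_TAGS = [
    'p' => [], 'br' => [], 'b' => [], 'strong' => [], 'i' => [], 'em' => [],
    'ul' => [], 'ol' => [], 'li' => [], 'blockquote' => [],
    'a' => ['href'],
];

// Only these URL schemes may appear in href; javascript:, data:, vbscript: etc. are dropped.
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

function safeHref(string $href): ?string {
    $href = trim($href);
    // Relative URLs (no scheme at all) are accepted as-is.
    if (!preg_match('/^([a-zA-Z][a-zA-Z0-9+.-]*):/', $href, $m)) {
        return $href;
    }
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true) ? $href : null;
}

function sanitizeNode(DOMNode $node): void {
    // Work on a snapshot of the children because we mutate the child list.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMText) {
            continue; // plain text is inert; DOM re-escapes it on output
        }
        if (!$child instanceof DOMElement) {
            $node->removeChild($child); // comments, CDATA, processing instructions
            continue;
        }
        $tag = strtolower($child->tagName);
        if (!isset(ALLOWED_TAGS[$tag])) {
            // script/style: the text inside is itself dangerous, remove outright.
            if (in_array($tag, ['script', 'style'], true)) {
                $node->removeChild($child);
                continue;
            }
            // Any other unknown element: unwrap it, keeping its sanitized children.
            sanitizeNode($child);
            while ($child->firstChild) {
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
            continue;
        }
        // Allowed element: strip every attribute not on its allowlist
        // (this is what removes onclick=, style=, etc.).
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->name);
            if (!in_array($name, ALLOWED_TAGS[$tag], true)) {
                $child->removeAttribute($attr->name);
            } elseif ($name === 'href') {
                $safe = safeHref($attr->value);
                if ($safe === null) {
                    $child->removeAttribute('href');
                } else {
                    $child->setAttribute('href', $safe);
                    $child->setAttribute('rel', 'nofollow noopener');
                }
            }
        }
        sanitizeNode($child);
    }
}

function sanitizeHtml(string $html): string {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // the HTML parser is lenient and noisy
    // Wrap the fragment in a container so it parses predictably; the XML PI
    // tells libxml the input is UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"?><div>' . $html . '</div>',
        LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();
    $root = $doc->documentElement; // the wrapping <div>
    sanitizeNode($root);
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input, the kind of thing a hostile visitor might submit.
$submitted = '<p onclick="alert(1)">Hi <b>there</b></p>'
    . '<script>alert(1)</script>'
    . '<a href="javascript:alert(1)">x</a>'
    . '<a href="https://example.com">ok</a>';
echo sanitizeHtml($submitted), "\n";
```

Run it once on the constructed input to see the handler, the script block and the javascript: link disappear while the harmless markup survives. Sanitize on the way in (at submission), store the cleaned result, and still use `htmlspecialchars()` for anything you print outside of that cleaned field; an allowlist like this only ever has to say “yes” to what you expect, so it fails safe when the editor adds features you have not vetted.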
How hard is it to implement CKEditor and get something that looks professional?
> Cons:
> pages may take a little longer to load
> you’ll have to be extra careful keeping the plugin up-to-date
What does that entail? Updates monthly? weekly? daily?
> you’ll have to be extra careful checking and escaping what your visitors enter, and stripping out unwanted HTML/script/CSS
> As for security risks, yes, you’ll have to be extra careful, RTEs are quite often misused as attack vectors. But as long as you keep everything up-to-date, it should be OK.
I know this isn’t the PHP forum, but what will it take?
Tons of fancy code?!
(I spent two weeks learning how to write what I believe to be a secure “Upload a Photo” module…)