note moritz <p>Another approach is to use server side includes. Instead of a <c><!-- PLACE CONTENT BELOW --></c> marker, you use <c><!--#include virtual="/your/newsfile.html" --></c> and place all the new content in <c>$documentroot/your/newsfile.html</c>. See [http://httpd.apache.org/docs/2.0/howto/ssi.html|the Apache SSI HowTo] for more information. <p>That way the user just has to edit and upload one file. <p>If you'd rather stick with the placeholder approach, I'd recommend to either not do an in-place edit (create a modfiied copy), or mark both the start and end of the edit section. <p>For validation, [mod://HTML::StripScripts] has a pretty good reputation (though I haven't used it myself). <blockquote>What else should I be aware of?</blockquote> <p>Security. As always. <p>If you stick to the editing approach, you should be aware that it relies on uploading the whole HTML file. That means the user is able to replace it fully if he is malicious (maybe by extracting the server credentials from your script). It depends on your usage scenario if this is anactual problem. <!-- Node text goes above. Div tags should contain sig only --> <div class="pmsig"><div class="pmsig-616540"> [http://perl6.org/|Perl 6 - second systems done right] </div></div> 924340 924340