Simple allowing of HTML elements/attributes?
David M. Cooke
cookedm+news at physics.mcmaster.ca
Wed Feb 11 17:42:53 EST 2004
At some point, Leif K-Brooks <eurleif at ecritters.biz> wrote:
> I'm writing a site with mod_python which will have, among other
> things, forums. I want to allow users to use some HTML (<em>,
> <strong>, <p>, etc.) on the forums, but I don't want to allow bad
> elements and attributes (onclick, <script>, etc.). I would also like
> to do basic validation (no overlapping elements like
> <strong><em>foo</em></strong>, no missing end tags). I'm not asking
> anyone to write a script for me, but does anyone have general ideas
> about how to do this quickly on an active forum?
You could require valid XML, and use a validating XML parser to
check conformance. You'd have to make sure the output is correctly
quoted (for instance, check that HTML tags in a CDATA block get quoted).
--
|>|\/|<
/--------------------------------------------------------------------------\
|David M. Cooke
|cookedm(at)physics(dot)mcmaster(dot)ca
More information about the Python-list
mailing list