How to prevent user content from messing up my markup?

On my website, I have a page that allows users to leave comments. I’m
using Rick O.'s Whitelist plugin (http://svn.techno-weenie.net/projects/plugins/white_list/)
to only allow a, b and i tags in user
comments. This works great to escape other HTML tags, but it still
allows the user to improperly use the allowed tags in a way that
screws up my markup. For example, someone can use an opening i tag
and forget to close it. My markup will of course no longer validate.
I don’t know how the different browsers handle it, but at least on
Firefox, everything after the opening i tag will be italics.

How do I prevent user content that can contain a few whitelisted html
tags from screwing up my markup?

Thanks!

On 18 Apr 2008, at 03:32, Myron M. wrote:

> How do I prevent user content that can contain a few whitelisted html
> tags from screwing up my markup?

You could always check if the markup is valid, and if not just escape
all the html out of it.

Fred

On Apr 18, 2008, at 12:52 PM, Frederick C. wrote:

> allows the user to improperly use the allowed tags in a way that
>
> Fred

Use Hpricot?

irb> require 'rubygems'; gem 'hpricot'
=> true
irb> require 'hpricot'
=> true
irb> h = Hpricot("<b>bold<i>italic, too</b>")
=> #<Hpricot::Doc {elem <b> "bold" {elem <i> "italic, too"} </b>}>
irb> h.to_html
=> "<b>bold<i>italic, too</i></b>"

Note that the closing </i> is added.

-Rob

Rob B. http://agileconsultingllc.com
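
The repair discussed above (close what the user left open, escape everything else) can also be done without a parser gem. This is an added example, not code from the thread, the white_list plugin or Hpricot; `balance_comment`, `esc` and `ALLOWED` are hypothetical names, and the whitelist is narrowed to attribute-free `b` and `i` because `a` would also need its `href` validated.

```ruby
# Added example: balance a tiny tag whitelist and escape all other markup.
ALLOWED = %w[b i].freeze # assumption: attribute-free tags only
ESCAPES = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
            '"' => '&quot;', "'" => '&#39;' }.freeze

def esc(text)
  text.gsub(/[&<>"']/, ESCAPES)
end

def balance_comment(input)
  out = String.new
  open_tags = [] # stack of whitelisted tags that are currently open
  # Tokens: a tag-like "<...>", a run of text, or a lone "<".
  input.scan(/<[^<>]*>|[^<]+|</) do |tok|
    m = tok.match(/\A<(\/?)([a-zA-Z]+)>\z/)
    name = m && m[2].downcase
    if m.nil? || !ALLOWED.include?(name)
      out << esc(tok) # text, unknown tag, or tag carrying attributes
    elsif m[1].empty?
      open_tags.push(name)
      out << "<#{name}>"
    elsif open_tags.include?(name)
      # Close any inner tags first so the nesting stays well-formed.
      loop do
        inner = open_tags.pop
        out << "</#{inner}>"
        break if inner == name
      end
    else
      out << esc(tok) # closing tag with no matching opener
    end
  end
  # Close whatever the user forgot to close.
  out << "</#{open_tags.pop}>" until open_tags.empty?
  out
end

# Constructed sample inputs
puts balance_comment('<b>bold<i>italic, too</b>')
puts balance_comment('<i>oops <script>alert(1)</script>')
```

Because every token that is not an exact whitelisted tag is escaped, the output can only contain balanced `<b>`/`<i>` pairs and inert text.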

Guys, thanks for your help. Hpricot worked like a charm. I had heard
of hpricot before but had forgotten about it and never tried it.

On Apr 19, 3:00 am, Rob B. wrote:
