On my website, I have a page that allows users to leave comments. I’m
using Rick O.'s Whitelist plugin (http://svn.techno-weenie.net/
projects/plugins/white_list/) to only allow a, b and i tags in user
comments. This works great to escape other HTML tags, but it still
allows the user to improperly use the allowed tags in a way that
screws up my markup. For example, someone can use an opening i tag
and forget to close it. My markup will of course no longer validate.
I don’t know how the different browsers handle it, but at least on
firefox, everything after the opening i tag will be italics.
How do I prevent user content that can contain a few whitelisted html
tags from screwing up my markup?
Thanks!
On 18 Apr 2008, at 03:32, Myron M. wrote:
How do I prevent user content that can contain a few whitelisted html
tags from screwing up my markup?
You could always check if the markup is valid, and if not just escape
all the html out of it.
Fred
On Apr 18, 2008, at 12:52 PM, Frederick C. wrote:
allows the user to improperly use the allowed tags in a way that
Fred
Use Hpricot?
irb> require ‘rubygems’; gem ‘hpricot’
=> true
irb> require ‘hpricot’
=> true
irb> h = Hpricot(“bolditalic, too”)
=> #<Hpricot::Doc {elem “bold” {elem “italic, too”} }>
irb> h.to_html
=> “bolditalic, too”
Note that the closing is added.
-Rob
Rob B. http://agileconsultingllc.com
[email protected]
Guys, thanks for your help. Hpricot worked like a charm. I had heard
of hpricot before but had forgotten about it and never tried it.
On Apr 19, 3:00 am, Rob B. [email protected]