I have a form that uses TinyMCE for users to be able to enter text.
The rules are:
1. Users should be able to use IMG SRC= tags to inline any graphic stored
   on the same webserver the site is hosted from
2. Users must not be able to use IMG SRC tags to inline any other
3. TinyMCE emotion icons are allowed (really just a subset of #1, because
   TinyMCE emotes are just little graphic files stored in the TinyMCE
So for example, given that a user is filling out a form at:
The following form input:
Hello world. Here is some porn .
And here is a picture of my grandma <IMG SRC=http://www.example.com/
The first link should be stripped, and the second one is allowed
I’m using white_list to strip out a bunch of other nasty tags. I have
added “img” to the bad_tags for now, but I need a way to let my own
site’s graphics back in.
Any ideas, or is there a better way altogether to do this?
Also, is there a simple way of making white_list just strip tags out
entirely, instead of escaping them?
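
One way to enforce the same-host image rule from the post, as an added example that is not part of the original post and does not use white_list's own API. `SITE_HOST`, the function names and the sample input are assumptions; the filter removes foreign images entirely instead of escaping them, and it assumes the tag allowlist still runs for everything else.

```ruby
require 'uri'

SITE_HOST = 'www.example.com'   # assumption: the host from the post's example
IMG_TAG   = /<(?:img|image)\b[^>]*(?:>|\z)/i
SRC_ATTR  = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/i

# Returns the absolute URL when src points at SITE_HOST over http(s), else nil.
def site_image_url(src)
  src = src.to_s.strip
  # Backslashes, whitespace and control characters are parsed differently by
  # browsers and by URI, so reject them instead of guessing.
  return nil if src.empty? || src.match?(/[\\\s\x00-\x1f]/)
  uri = URI.join("http://#{SITE_HOST}/", src)   # resolves relative and //host forms
  ok = %w[http https].include?(uri.scheme) &&
       uri.host.to_s.downcase == SITE_HOST &&
       uri.port == uri.default_port
  ok ? uri.to_s : nil
rescue URI::Error
  nil
end

# Removes every image tag that is not same-site. Allowed images are re-emitted
# from the validated URL only, so no other attribute of the original survives.
def strip_foreign_images(html)
  html.gsub(IMG_TAG) do |tag|
    m   = SRC_ATTR.match(tag)
    url = m && site_image_url(m[1] || m[2] || m[3])
    url ? %(<img src="#{url.gsub('&', '&amp;').gsub('"', '&quot;')}">) : ''
  end
end

# Constructed sample input modelled on the post's two cases.
SAMPLE = 'Hello world. <IMG SRC=http://other.example.net/a.jpg> ' \
         'Grandma: <IMG SRC=http://www.example.com/images/grandma.jpg>'
puts strip_foreign_images(SAMPLE)
```

Re-emitting the tag from the validated URL, instead of passing the original tag through, keeps the result safe even when the regex and the browser disagree about which attribute is the real `src`.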