Simple allowing of HTML elements/attributes?

David M. Cooke cookedm+news at physics.mcmaster.ca
Wed Feb 11 23:42:53 CET 2004


At some point, Leif K-Brooks <eurleif at ecritters.biz> wrote:

> I'm writing a site with mod_python which will have, among other
> things, forums. I want to allow users to use some HTML (<em>,
> <strong>, <p>, etc.) on the forums, but I don't want to allow bad
> elements and attributes (onclick, <script>, etc.). I would also like
> to do basic validation (no overlapping elements like
> <strong><em>foo</em></strong>, no missing end tags). I'm not asking
> anyone to write a script for me, but does anyone have general ideas
> about how to do this quickly on an active forum?

You could require valid XML, and use a validating XML parser to
check conformance. You'd have to make sure the output is correctly
quoted (for instance, check that HTML tags in a CDATA block get quoted).

-- 
|>|\/|<
/--------------------------------------------------------------------------\
|David M. Cooke
|cookedm(at)physics(dot)mcmaster(dot)ca



More information about the Python-list mailing list