Simple allowing of HTML elements/attributes?

David M. Cooke cookedm+news at
Wed Feb 11 23:42:53 CET 2004

At some point, Leif K-Brooks <eurleif at> wrote:

> I'm writing a site with mod_python which will have, among other
> things, forums. I want to allow users to use some HTML (<em>,
> <strong>, <p>, etc.) on the forums, but I don't want to allow bad
> elements and attributes (onclick, <script>, etc.). I would also like
> to do basic validation (no overlapping elements like
> <strong><em>foo</em></strong>, no missing end tags). I'm not asking
> anyone to write a script for me, but does anyone have general ideas
> about how to do this quickly on an active forum?

You could require valid XML, and use a validating XML parser to
check conformance. You'd have to make sure the output is correctly
quoted (for instance, check that HTML tags in a CDATA block get quoted).

|David M. Cooke

More information about the Python-list mailing list