History for stripHTML
"stripHTML" Proposal

  Example of implementation

    <dtml-var userobject fmt=filtertags>

  Goals

    o Allow malicious HTML code to be filtered out of text that is input by untrusted users.

  Proposed Changes

    Add to DTML Documents and Methods a processing step which recognizes SGML tags with a 'filtertags' attribute. Parse and replace these tags with filtered versions of the text.

    It should be possible to specify the level of filtering: say, at high levels it removes everything that is normally parsed as a tag, while lower levels allow things like URL links and lists/formatting, but not image tags and the script tag.

    It would probably be smart to subclass an SGML parser class from the Python sources when implementing.

  Result

    It would be possible to achieve a higher level of security when dealing with untrusted users, and to keep one's own HTML structure intact.

  Other

    I know this has been discussed, but never saw anything concrete come out of those discussions. Mail me at mailto:[email protected] if there already is a simple way to achieve this.

  <i>Current Solution: Yes there is an easy way to achieve this using _.getitem("foo") which is shorthand for _.getitem("foo",0). This inserts the object contents and automagically turns the HTML delimiters into harmless entities. This will also turn off server-side rendering of the DTML code too. --[Caseman]</i>
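
The level-based tag filter described under Proposed Changes, as an added example (not code from the proposal or from Zope). It uses Python 3's html.parser.HTMLParser in place of the SGML parser class the proposal mentions; the level names, the allowlists and the filtertags() function name are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Hypothetical levels: the proposal only says that a high level strips every
# tag and lower levels keep links and lists/formatting, never img or script.
LEVELS = {
    "high": frozenset(),
    "low": frozenset({"a", "b", "i", "em", "strong", "p", "br",
                      "ul", "ol", "li"}),
}
VOID = {"br"}                       # allowed tags that have no closing form
DROP_BODY = {"script", "style"}     # discard the content, not just the tag
SAFE_SCHEMES = {"http", "https", "mailto"}


class TagFilter(HTMLParser):
    def __init__(self, level="high"):
        super().__init__(convert_charrefs=True)
        self.allowed = LEVELS[level]
        self.out = []
        self.skip = 0               # non-zero while inside script/style

    def handle_starttag(self, tag, attrs):
        if tag in DROP_BODY:
            self.skip += 1
        elif tag in self.allowed and not self.skip:
            extra = ""
            if tag == "a":          # href is the only attribute ever kept
                href = (dict(attrs).get("href") or "").strip()
                scheme, sep, _ = href.partition(":")
                if sep and scheme.lower() in SAFE_SCHEMES:
                    extra = ' href="%s"' % escape(href, quote=True)
            self.out.append("<%s%s>" % (tag, extra))

    def handle_endtag(self, tag):
        if tag in DROP_BODY:
            self.skip = max(0, self.skip - 1)
        elif tag in self.allowed and tag not in VOID and not self.skip:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip:           # text is decoded by the parser, re-escaped here
            self.out.append(escape(data, quote=False))


def filtertags(text, level="high"):
    parser = TagFilter(level)
    parser.feed(text)
    parser.close()
    return "".join(parser.out)
```

The filter does not balance tags, so an unclosed allowed tag in user input (for example a lone <b>) still reaches the surrounding page.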