Tom Chiverton wrote:
> On Wednesday 29 November 2006 16:28, Rick Root wrote:
>
>>That's not the sole purpose. In fact, I'm trying to "sanitize" HTML
>>emails being viewed in a webmail application.
>
> Ahh.
> Most HTML emails contain a plain text part, as I'm sure you know, but a good
> start with HTML only emails might be:
> Repeat until no matches:
>  For each <(.*)>(.*)</$1> replace with $2
>  For each <(.*)/> except <p/> replace with empty string
>  For each <br> replace with \n
>  For each <p> or <p/> replace with \n\n
>  For each <(.*)> replace with escape(<)$1escape(>)

My tagStripper() udf already does that quite nicely. But I'm not trying to eliminate HTML markup from HTML emails.. I'd prefer to actually show the HTML. That's why I said "sanitize".

And by "sanitize" I mean removing unfriendly HTML tags like EMBED, OBJECT, APPLET, IFRAME, etc.. and removing javascript so that you can view an HTML email without being overly concerned about nasty javascript, activex controls, etc.

> If you know non-CF languages, look at a webmail app written (SquirrelMail
> springs to mind) in them and see what they do - this isn't the first or last
> time someone's had to do this :-)

As I move on, I will dig into SquirrelMail to see how they handle blocking images in HTML emails.

>>Just FYI, that doesn't work because even if you disable the ability to
>>edit source directly, users can still paste in undesirable stuff. Not
>
> But the editor will escape it when it's inserted, so all the angle
> brackets 'vanish'.

Not always and not by default for sure. Both FCKeditor and TinyMCE allow you to paste in javascript:

Go here: http://www.opensourcecf.com/test.html

Do a ctrl-A to select all and copy everything.. (not the source, just the HTML content of the page).

Then go to the TinyMCE demo page: http://tinymce.moxiecode.com/example_full.php?example=true

Paste what you copied in... and submit.

The javascript is still there, and it works. You didn't have to edit any HTML source to do that. FCKeditor is the same way.

Can you prevent people from pasting in javascript URLs and onmouseovers with TinyMCE? I don't know. I'd rather rely on the server to make sure nothing like that gets through.

Rick
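The server-side approach the message argues for (keep the HTML, but strip EMBED, OBJECT, APPLET, IFRAME, script, event handlers and javascript: URLs) can be sketched as an allowlist filter. This is an added example, not code from the thread: the tag and attribute policy, the function names and the sample input are assumptions, and Python stands in for the CFML the list discusses.

```python
import html
import re
from html.parser import HTMLParser

# Constructed policy for illustration: anything not listed here is removed.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "br", "ul", "ol", "li", "div", "span"}
ALLOWED_ATTRS = {"href", "title"}
DROP_WITH_CONTENT = {"script", "style", "object", "applet", "iframe"}
SAFE_SCHEMES = {"http", "https", "mailto"}

def safe_url(value):
    # Browsers ignore whitespace/control characters inside a scheme, so strip them first.
    cleaned = re.sub(r"[\x00-\x20\x7f]", "", value or "")
    m = re.match(r"([a-z][a-z0-9+.-]*):", cleaned, re.I)
    return bool(m) and m.group(1).lower() in SAFE_SCHEMES

class EmailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0  # > 0 while inside an element removed together with its content
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1  # an unclosed one hides the rest of the message: fails closed
        elif self.skip == 0 and tag in ALLOWED_TAGS:
            kept = [(k, v or "") for k, v in attrs
                    if k in ALLOWED_ATTRS and (k != "href" or safe_url(v))]
            self.out.append("<%s%s>" % (tag, "".join(
                ' %s="%s"' % (k, html.escape(v, quote=True)) for k, v in kept)))
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif self.skip == 0 and tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)
    def handle_data(self, data):
        if self.skip == 0:
            self.out.append(html.escape(data, quote=False))

def sanitize(markup):
    parser = EmailSanitizer()
    parser.feed(markup)
    parser.close()  # flush any text still buffered by the parser
    return "".join(parser.out)

# Constructed sample message body, not taken from the thread.
SAMPLE = ('<p onmouseover="alert(1)">Hi <b>Rick</b></p><script>alert(1)</script>'
          '<a href="java&#9;script:alert(1)">click</a> <embed src="x.swf">'
          '<a href="https://example.com/?a=1&amp;b=2">ok</a><iframe src="http://example.com/"></iframe>')
```

Because the output is rebuilt from parsed tokens rather than edited with regular expressions, mixed-case tags, entity-encoded schemes and unknown attributes never reach the rendered message.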

