There must be an easy answer for this problem and I almost feel dumb
for asking.... BUT I can't figure it out and have spent too much time
trying. The scenario is a comment/blog situation. I am using tinyMCE
which is creating 'trustable' html. I can display this with django by
using {{field|safe}}... all is good.

The problem is some bozo will have their way with the textarea by
turning off their javascript. So I'm trying to figure out the best way to
sanitize the data. The normal escaping of data won't work because it
clobbers the 'good' html from tinyMCE. Anyway, it would be good to
sanitize even the tinyMCE generated html.

I've been looking at using html5 lib/parser but can't seem to get it to
work. I've even gone through creating a replace method to escape
everything and then put back the 'good' tags. However, that seems like a
round-about way to go and gets really nasty when considering img, span,
etc. tags tinyMCE creates so nicely.

Surely many have come across this and there is an easy answer. All
suggestions and recommendations are greatly appreciated.

thx,
Dave
