Very cool. OWASP is generally a good source for security-related things, so this sounds promising. I'll have a closer look at the project tomorrow. I hope it can also parse link targets (to avoid "javascript:..." hrefs) etc.
Thanks for the link

Chris

On Feb 15, 3:42 pm, Joe Cole <[email protected]> wrote:
> We use AntiSamy for this, which is awesome:
>
> http://code.google.com/p/owaspantisamy/
>
> On Feb 16, 2:23 am, Chris Lercher <[email protected]> wrote:
>
> > I think the RichTextArea is really a great widget! As always, be very
> > careful when you use the result HTML. Parse the result on the server
> > side, and eliminate unwanted tags and also unwanted attributes (like
> > 'onClick'). This isn't so easy, because you probably want to allow
> > exactly the kind of HTML that a user can produce by interacting with
> > the RichTextArea's controls.
>
> > I think it might be a good idea for GWT to provide a utility method
> > which can perform this kind of filtering (on the server side). OTOH,
> > this will probably require to build a real parser, because it's one of
> > the things that regular expressions can't do.
>
> > Chris
>
> > On Feb 15, 12:10 pm, Thomas Broyer <[email protected]> wrote:
>
> > > On Feb 12, 6:12 pm, Ahmad Bdair <[email protected]> wrote:
>
> > > > Hello, Is there a widget that provides a similar functionality to what
> > > > text area in emails / blog / forums provides? Where the user can write
> > > > text, change its color, bold..etc
>
> > > How about a
> > > RichTextArea?
> > > http://gwt.google.com/samples/Showcase/Showcase.html#CwRichText
> > > http:/......
