On Sun, May 02, 2010 at 02:23:28PM +0200, Allan Odgaard wrote:
> On 2 May 2010, at 14:01, Aristotle Pagaltzis wrote:
>
> >>[...] you want to filter out HTML tags [...]
> >[...] And it's not impossible to write a 100% solid filter if you
> >use a *white*list applied to a real HTML parser.
>
> Not sure what you mean by "real HTML parser".
>
> One thing to watch out for is improper HTML when users type a
> literal '<'. I had a lot of users lose part of their comments
> because everything after a standalone '<' was incorrectly filtered.
>
> This was with WordPress + PHPMarkdown (blog comments). What made it
> worse was that it was the filtered content which went into the
> database, so once filtered, the content was gone.
I'm planning on using HTML::Scrubber (my app is mod_perl). What would be
a "reasonable defaults" whitelist for HTML tags in a forum context?

Thanks,

_______________________________________________
Markdown-Discuss mailing list
http://six.pairlist.net/mailman/listinfo/markdown-discuss
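The approach Aristotle describes above, a whitelist applied to a real HTML parser, as an added example that is not from this thread and is not HTML::Scrubber's code: a small Python sanitizer on the standard library's html.parser (Python rather than Perl so it runs stand-alone). The tag set, attribute set and URL schemes are a constructed forum policy, my assumptions, not anything the list settled on. Because the parser tokenizes the input, a lone '<' like the one in Allan's comments reaches the code as text and is escaped instead of swallowing the rest of the post.

```python
import html
from html.parser import HTMLParser

# Constructed forum policy (an assumption): a few structural/inline tags; <a> keeps
# only href/title, and href only with a harmless scheme. Anything else is dropped.
ALLOWED_TAGS = {"p", "br", "hr", "b", "i", "u", "em", "strong", "pre", "code", "blockquote", "a"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")

class WhitelistScrubber(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)   # entities arrive decoded
        self.out, self.open_tags, self.dropping = [], [], None

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):          # their text content goes too
            self.dropping = tag
        if tag not in ALLOWED_TAGS or self.dropping:
            return                              # tag dropped, its text survives
        kept = []
        for name, value in attrs:               # values already entity-decoded
            value = (value or "").strip()
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue                        # onclick, style, class, ... never pass
            if name == "href" and not value.lower().startswith(SAFE_SCHEMES):
                continue                        # javascript:, data:, vbscript: ...
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in ("br", "hr"):             # void tags get no closing tag
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag == self.dropping:
            self.dropping = None
        elif tag in self.open_tags:             # unwind so nesting stays balanced
            while (t := self.open_tags.pop()) != tag:
                self.out.append(f"</{t}>")
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # a stray "<" or "&" is delivered as text; escape it rather than lose the post
        if not self.dropping:
            self.out.append(html.escape(data, quote=False))

def scrub(fragment):
    s = WhitelistScrubber()
    s.feed(fragment)
    s.close()                                   # flushes e.g. a trailing "<"
    # close whatever the user left open so the fragment stays well-formed
    return "".join(s.out + [f"</{t}>" for t in reversed(s.open_tags)])
```

Comments, declarations and processing instructions never reach a handler that emits anything, so the whitelist holds for them as well.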
