On Jun 12, 4:21 pm, "Mike Orr" <[EMAIL PROTECTED]> wrote:
> On Thu, Jun 12, 2008 at 7:55 AM, rcs_comp <[EMAIL PROTECTED]> wrote:

> > 4) sanitizing HTML (not directly discussed here, but a good
> > implementation of this will be helpful, increase security, and should
> > be able to be extended trivially to provide #2, stripping all HTML
> > tags).
>
> What exactly do you mean by sanitizing?  Stripping all except a few
> formatting tags?  This would be good for WebHelpers if somebody can
> provide an implementation.  One not depending on non-stdlib packages.

Yes, I think the best way to implement something like this is to have
a white list of approved tags and attributes.  I am new to Python so I
don't know if the things I suggested above depend on non-stdlib
packages. However, an example library of what I have in mind written
in PHP is here:

http://htmlpurifier.org/
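
The whitelist approach discussed in this message, sketched with only the Python 3 standard library (an added example, not code from the thread, from WebHelpers or from HTML Purifier). The policy in `ALLOWED`, the scheme list and all names are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed policy for illustration: tag -> attributes allowed on it.
ALLOWED = {"a": {"href", "title"}, "b": set(), "i": set(), "em": set(),
           "strong": set(), "p": set(), "br": set()}
VOID = {"br"}                         # tags that never take a closing tag
DROP_BODY = {"script", "style"}       # discard these elements with their text
SAFE_SCHEMES = {"http", "https", "mailto"}

def url_ok(value):
    # Browsers ignore control chars/whitespace in a scheme, so strip them first.
    cleaned = re.sub(r"[\x00-\x20]", "", value).lower()
    m = re.match(r"([a-z][a-z0-9+.-]*):", cleaned)
    return m is None or m.group(1) in SAFE_SCHEMES   # no scheme = relative URL

class Sanitizer(HTMLParser):
    def __init__(self, allowed):
        super().__init__(convert_charrefs=True)
        self.allowed, self.out, self.stack, self.skip = allowed, [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_BODY:
            self.skip += 1
        elif not self.skip and tag in self.allowed:
            kept = "".join(' %s="%s"' % (k, escape(v, quote=True))
                           for k, v in attrs
                           if k in self.allowed[tag] and v is not None
                           and (k != "href" or url_ok(v)))
            self.out.append("<%s%s>" % (tag, kept))
            if tag not in VOID:
                self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_BODY:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.stack:
            while True:               # also close tags left open inside it
                top = self.stack.pop()
                self.out.append("</%s>" % top)
                if top == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is never markup

def sanitize(html, allowed=ALLOWED):
    p = Sanitizer(allowed)
    p.feed(html)
    p.close()
    return "".join(p.out) + "".join("</%s>" % t for t in reversed(p.stack))
```

Calling `sanitize(text, allowed={})` gives item #2 from the quoted list: every tag is removed and only escaped text remains.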
