Do you expressly need to allow some kind of markup/formatting? We just disallow any tags, and use webhelpers.util.html_escape
On Jun 28, 11:50 pm, Jonathan Vanasco <[EMAIL PROTECTED]> wrote:
> I need to sanitize user input for 'comments' and 'postings'.
>
> Can anyone suggest good ways to handle this?
>
> Browsing the web and other projects, it seems most people do this:
> - use beautiful soup ( which i think might be overkill )
> - use a sanitize function from sam ruby's mombo/post.py ( i'm worried
> that it's from '03 and a ton of regex )
> - rely on formatting into bbcode / markdown / textile
>
> I'd really like to find something that works like Perl's
> HTML::StripScripts::Parser
> (http://search.cpan.org/~drtech/HTML-StripScripts-Parser-1.02/Parser.pm
> )- which will just pull out XSS info and other untrustworthy text.
>
> Anyone have a suggestion ?
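As an added example (not code from this thread, and not webhelpers' own helper), here is the reply's policy written out in Python with only the standard library: `html.escape` stands in for `webhelpers.util.html_escape` (assumed to have the same intent, escaping the HTML-significant characters), and the "disallow any tags" check drives the real `html.parser.HTMLParser` tokenizer rather than a regex, so odd spellings of a tag are classified the way a browser would classify them. The sample comments are constructed.

```python
import html
from html.parser import HTMLParser


class _MarkupDetector(HTMLParser):
    """Sets ``saw_markup`` as soon as the tokenizer yields anything other than text.

    Driving the HTML tokenizer instead of matching ``<[a-z]`` with a regex means
    comments, declarations and processing instructions are caught as well.
    """

    def __init__(self) -> None:
        super().__init__()
        self.saw_markup = False

    def handle_starttag(self, tag, attrs):
        self.saw_markup = True

    def handle_startendtag(self, tag, attrs):
        self.saw_markup = True

    def handle_endtag(self, tag):
        self.saw_markup = True

    def handle_comment(self, data):
        self.saw_markup = True

    def handle_decl(self, decl):
        self.saw_markup = True

    def unknown_decl(self, data):
        self.saw_markup = True

    def handle_pi(self, data):
        self.saw_markup = True


def contains_markup(text: str) -> bool:
    """True if any part of ``text`` tokenizes as a tag, comment, declaration or PI."""
    detector = _MarkupDetector()
    detector.feed(text)
    detector.close()
    return detector.saw_markup


def escape_for_html(text: str) -> str:
    """Escape ``&``, ``<``, ``>``, ``"`` and ``'`` so the text renders literally.

    quote=True makes the result safe inside quoted attribute values as well as
    element content. It is not sufficient for JavaScript, CSS or URL contexts.
    """
    return html.escape(text, quote=True)


def sanitize_comment(text: str) -> str:
    """The reply's policy: refuse anything that parses as markup, escape the rest."""
    if contains_markup(text):
        raise ValueError("markup is not allowed in comments")
    return escape_for_html(text)


# Constructed sample comments (not taken from the mailing-list thread).
SAMPLE_COMMENTS = [
    "Works for me, thanks!",
    "1 < 2 and 3 > 1, so x <3 y is fine",
    "<b>hello</b>",
    "<!-- hidden -->text",
]


def classify_samples():
    """Return (comment, result) pairs; result is the escaped text or the rejection reason."""
    out = []
    for comment in SAMPLE_COMMENTS:
        try:
            out.append((comment, sanitize_comment(comment)))
        except ValueError as exc:
            out.append((comment, f"REJECTED: {exc}"))
    return out


if __name__ == "__main__":
    for comment, result in classify_samples():
        print(f"{comment!r:45} -> {result}")
```

Escaping alone already renders a tag inert; the up-front rejection is a policy choice so that a comment is never stored and shown as a literal `&lt;b&gt;`. Note that a bare `<` followed by a space or digit (as in `1 < 2` or `x <3 y`) is plain text to the tokenizer and is accepted, then escaped on output. Whatever is chosen, the escaping must match the output context: this helper covers HTML element content and quoted attribute values only.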
