On Sat, Jun 28, 2008 at 8:50 PM, Jonathan Vanasco <[EMAIL PROTECTED]> wrote:
>
> I need to sanitize user input for 'comments' and 'postings'.
>
> Can anyone suggest good ways to handle this?
>
> Browsing the web and other projects, it seems most people do this:
> - use Beautiful Soup (which I think might be overkill)
> - use a sanitize function from Sam Ruby's mombo/post.py (I'm worried
> that it's from '03 and a ton of regex)
> - rely on formatting into bbcode / markdown / textile
>
> I'd really like to find something that works like Perl's
> HTML::StripScripts::Parser (
> http://search.cpan.org/~drtech/HTML-StripScripts-Parser-1.02/Parser.pm
> ) which will just pull out XSS info and other untrustworthy text.
>
> Anyone have a suggestion?
There was a thread recently on this list about adding a sanitizing function to WebHelpers. It hasn't been done yet, but you can find a few reference implementations in that thread. Textile/markdown have some good things going for them if you can convince your users to use that syntax. Or just tell them it's a "text" field.

--
Mike Orr <[EMAIL PROTECTED]>
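The thread above names the approach (an allowlist filter in the style of HTML::StripScripts::Parser) but no code was posted in it. What follows is an added example written for this page; it is not code from the thread, from WebHelpers, or from any of the libraries Jonathan lists. It is Python 3 and uses only the standard library's html.parser. The tag and attribute allowlists and the set of permitted URL schemes are assumptions chosen for a comments field; tune them to your markup policy. The design points that matter for XSS are: every tag and attribute not on the allowlist is dropped (so onclick, style, img and friends never reach the output), script and style content is discarded rather than merely unwrapped, link targets are checked by scheme after stripping the whitespace and control characters browsers ignore (so "java&#10;script:" does not slip through), all text is re-escaped on output, and tags the input left open are closed so a comment cannot swallow the rest of the page.

```python
"""Allowlist HTML sanitizer for user comments, built on html.parser.

Added example for this page (not from the thread or WebHelpers).  The
allowlists below are assumptions for a typical comments field.
"""
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy: simple inline markup and structure only.
ALLOWED_TAGS = {
    "p", "br", "b", "i", "em", "strong", "u", "a", "ul", "ol", "li",
    "blockquote", "code", "pre",
}
# Attributes kept per tag; anything else (on*, style, class, ...) is dropped.
ALLOWED_ATTRS = {"a": {"href", "title"}}
# Tags whose content is dropped along with the tag itself.
DROP_CONTENT_TAGS = {"script", "style"}
# Tags that take no closing tag.
VOID_TAGS = {"br"}
# Schemes a link may use; "" covers relative URLs.
SAFE_SCHEMES = {"", "http", "https", "mailto"}

_CONTROL_AND_SPACE = re.compile(r"[\x00-\x20\x7f]")


def is_safe_url(value):
    """True if the URL's scheme is permitted.

    Browsers ignore embedded whitespace/control characters when reading a
    scheme, so "java\\nscript:" resolves as "javascript:".  Strip those
    characters first so the check sees what the browser will see.
    """
    normalized = _CONTROL_AND_SPACE.sub("", value).lower()
    try:
        return urlsplit(normalized).scheme in SAFE_SCHEMES
    except ValueError:  # e.g. malformed IPv6 literal
        return False


class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []  # allowed tags still open, for balancing
        self.drop_depth = 0  # > 0 while inside <script> / <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self.drop_depth += 1
            return
        if self.drop_depth or tag not in ALLOWED_TAGS:
            return  # drop the tag but keep its text content
        kept = []
        for name, value in attrs:  # names are already lowercased
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            value = value or ""  # attribute values arrive entity-decoded
            if name == "href" and not is_safe_url(value):
                continue
            kept.append(' %s="%s"' % (name, html.escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self.drop_depth = max(0, self.drop_depth - 1)
            return
        if self.drop_depth or tag not in self.open_tags:
            return
        # Close everything opened after this tag, then the tag itself,
        # so mis-nested input still yields well-formed output.
        while self.open_tags:
            opened = self.open_tags.pop()
            self.out.append("</%s>" % opened)
            if opened == tag:
                break

    def handle_data(self, data):
        # Text is re-escaped on output, so a stray "<" or "&" is inert.
        if not self.drop_depth:
            self.out.append(html.escape(data, quote=False))

    def result(self):
        # Close whatever the input left open.
        while self.open_tags:
            self.out.append("</%s>" % self.open_tags.pop())
        return "".join(self.out)


def sanitize_html(text):
    """Return an allowlist-filtered, well-formed HTML fragment."""
    parser = _Sanitizer()
    parser.feed(text)
    parser.close()
    return parser.result()


if __name__ == "__main__":
    # Constructed sample input, not from the thread.
    sample = ('<p>Hi <b>there</b> <a href="java&#10;script:alert(1)" '
              'onclick="x()">link</a><script>steal()</script><i>open')
    print(sanitize_html(sample))
```

The one thing this does not do is parse like a browser, so if you later add tags such as `svg` or `math` to the allowlist, or allow `style`, revisit the rules; the safe default is to keep the allowlist short. It also complements rather than replaces the Textile/markdown route Mike suggests: if you render markdown, run the rendered HTML through a filter like this anyway, because most markdown implementations pass raw HTML through untouched.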
