You will be fine. SPAN should be there by default. It is not and that is an
oversight. FONT is not there because it is a deprecated tag.
On Monday, 4 February 2013 12:06:42 UTC-6, Martijn Hermans wrote:
>
> I've got a website in which I want to allow the user some customization.
>
> To prevent my site from injection, I use : {{=XML(markup,sanitize=True)}}
>
> This works perfectly, except it doesn't allow the tags 'font' and 'span'.
>
> I know I can override this default behaviour, but I want to know if I
> expose my site to dangers if I allow the 'font' and 'span' tags.
>
> Is there a good reason they are not exposed by default???
>
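An added illustration, not part of the thread and not web2py's own code: a standard-library allow-list sanitizer showing that permitting `span` and `font` adds only the attributes listed for each tag, so `style` and event-handler attributes are still dropped. The tag list, attribute map and scheme list are assumptions made for this example, not web2py's defaults.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example; NOT web2py's default lists.
PERMITTED_TAGS = {"a", "b", "i", "p", "br", "span", "font"}
ALLOWED_ATTRIBUTES = {"a": {"href"}, "font": {"color", "size"}}  # span: none
VOID_TAGS = {"br"}
SAFE_SCHEMES = ("http://", "https://", "mailto:")


class AllowlistSanitizer(HTMLParser):
    """Re-emits only permitted tags and attributes; all text is escaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in PERMITTED_TAGS:
            return  # tag dropped; its text content is still emitted, escaped
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in ALLOWED_ATTRIBUTES.get(tag, ()):
                continue  # style, class, on* handlers never reach the output
            if name == "href" and not value.strip().lower().startswith(SAFE_SCHEMES):
                continue  # only absolute URLs with a listed scheme survive
            kept.append(' %s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        if tag in PERMITTED_TAGS and tag not in VOID_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def sanitize(markup):
    parser = AllowlistSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample input.
    print(sanitize('<span style="position:fixed" onclick="x()">hi</span>'))
```

This sketch does not rebalance unclosed or stray tags; it only filters which tags and attributes are re-emitted.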