not necessary with web2py forms. Escaping is taken care of automatically. Example:
$ python web2py.py -S welcome In [*1*]: a = "<span>hello</span>" In [*2*]: print TEXTAREA(value=a) <textarea cols="40" rows="10"><span>hello</span></textarea> On Thursday, 23 February 2017 11:32:01 UTC-6, Pierre wrote: > > Hi everyone, > > is it useful to clean a form textarea prior to db.insert ? I am asking > this because of *bleach* : > > https://bleach.readthedocs.io/en/latest/clean.html > > I have read a recent post which says it's secure enough not to use the XML > helper when displaying text content....... > > can't figure out wether* bleach* is necessary or 'overkill' ? > > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
