This is not precisely a web2py question. But there are knowledgeable people here who may know the answer.
I'm adding CMS functionality to my site. As it is currently implemented, I have a text field that an admin can type html into and then upload it to the site where it is displayed. My concern is that I am creating a security hole in the site. It would obviously be better if they couldn't upload html, but rather a simpler markup language that is read by a python module that parses it and spits out real html, which is then displayed. This would potentially block any nasty code that someone might try to upload to the site. Anybody know of such a markup language and its associated python module? (I know python has an html parser and I could block all tags other than a select few, but thought I'd ask in case there's a better answer out there.) -- You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/web2py?hl=en.
