You can upload HTML but then display it with {{=XML(html_text,sanitize=True)}}

On Jan 31, 3:17 pm, weheh <[email protected]> wrote:
> This is not precisely a web2py question. But there are knowledgeable
> people here who may know the answer.
>
> I'm adding CMS functionality to my site. As it is currently
> implemented, I have a text field that an admin can type html into and
> then upload it to the site where it is displayed.
>
> My concern is that I am creating a security hole in the site. It would
> obviously be better if they couldn't upload html, but rather a simpler
> markup language that is read by a python module that parses it and
> spits out real html, which is then displayed. This would potentially
> block any nasty code that someone might try to upload to the site.
>
> Anybody know of such a markup language and its associated python
> module? (I know python has an html parser and I could block all tags
> other than a select few, but thought I'd ask in case there's a better
> answer out there.)

