I will take a patch to XML and sanitize that does this
On May 24, 10:42 am, howesc <[email protected]> wrote: > Hello, > > I have a spot on my site where i want a user to be able to input HTML > formatted text, with limitations to accepted tags. I would also like > to use a WYSIWYG editor. The trouble that I'm having is that users > like to write the stuff in Microsoft Word and paste it into the > editor. When that happens all sorts of "crap" gets inserted into the > HTML. I want to remove this from the HTML completely. > > I was looking at gluon.sanitizer and found this: > > from gluon.sanitizer import sanitize > request.vars.story = sanitize(request.vars.dedication) > logging.info("cleaned dedication is: %s" % > request.vars.dedication) > > trouble is that it escapes the HTML that i don't want. There is a > method in sanitizer called strip(), but it really just escapes. would > it be bad to extend the functionality of sanitizer to provide an > option to remove the dis-allowed items rather than escaping them? > > (i've tried to make both nicEdit and OpenWYSIWYG editors strip for me, > but neither works well - nicEdit misses some formatting, and > OpenWYSIWYG removes *all* formating, even permitted formatting) > > Thanks, > > Christian
