permitted_tags... bingo that is what I was looking for. :)

BR,
Jason

On Tuesday, May 1, 2012 8:23:36 PM UTC+3, Anthony wrote:
>
>> I am looking how to escape particular items in html and want to know what
>> is actually being escaped. Is there a list on this page somewhere to show
>> me this? Is it somewhere else?
>
> Escaping is done via the Python cgi.escape function (which converts "&",
> "<", and ">" -- see http://docs.python.org/library/cgi.html#functions),
> plus additional escaping of single quotes. See
> http://code.google.com/p/web2py/source/browse/gluon/html.py#122.
>
>> Also, what do I do to define other things I wouldn't want the user
>> writing?
>
> I think the usual escaping should be safe, but it doesn't allow any HTML
> markup -- only text. If you want to allow some HTML but still try to keep
> it safe, you could do XML(potentially_unsafe_text, sanitize=True,
> permitted_tags=..., allowed_attributes=...) (see
> http://web2py.com/books/default/chapter/29/5#XML).
>
> Anthony
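
The difference between plain escaping and an allowlist of permitted tags and attributes, as an added example that is not part of the original thread and is not web2py's implementation. It is a simplified standard-library sanitizer: `AllowlistSanitizer`, `sanitize`, `SAFE_URL_PREFIXES` and the sample input are hypothetical names and constructed data, and `html.escape` stands in for `cgi.escape`, which was removed in Python 3.8.

```python
from html import escape            # stand-in for cgi.escape (removed in Python 3.8)
from html.parser import HTMLParser

SAFE_URL_PREFIXES = ("http://", "https://")   # assumption: only absolute web links

class AllowlistSanitizer(HTMLParser):
    """Keep permitted tags/attributes; emit everything else as escaped text."""

    def __init__(self, permitted_tags, allowed_attributes):
        super().__init__(convert_charrefs=True)
        self.permitted_tags = set(permitted_tags)
        self.allowed_attributes = allowed_attributes   # e.g. {"a": ["href", "title"]}
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.permitted_tags:
            # Not allowlisted: the raw tag becomes inert, escaped text.
            self.out.append(escape(self.get_starttag_text()))
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name not in self.allowed_attributes.get(tag, ()):
                continue                      # drops onclick, style, ...
            if name in ("href", "src") and not value.lower().startswith(SAFE_URL_PREFIXES):
                continue                      # drops javascript:, data:, ...
            kept.append(' %s="%s"' % (name, escape(value)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        closing = "</%s>" % tag
        self.out.append(closing if tag in self.permitted_tags else escape(closing))

    def handle_data(self, data):
        self.out.append(escape(data))         # text nodes are always escaped

def sanitize(text, permitted_tags, allowed_attributes):
    parser = AllowlistSanitizer(permitted_tags, allowed_attributes)
    parser.feed(text)
    parser.close()
    return "".join(parser.out)

# Constructed sample input
SAMPLE = '<b>bold</b> <a href="javascript:alert(1)" onclick="steal()">x</a> <script>alert(\'hi\')</script>'

if __name__ == "__main__":
    print(sanitize(SAMPLE, ["b", "a"], {"a": ["href", "title"]}))
    print(sanitize(SAMPLE, [], {}))           # nothing permitted: plain escaping
```

With an empty allowlist the output is the same as escaping the whole string, which is the "only text" behaviour described in the reply above.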

