Scott Anderson wrote:
> You're going to have to filter on the server side no matter what the browser
> editor produces. i.e. if you want to allow someone to post a link, you'll
> still have to filter the href of the link posted via BBCode or someone can
> just bypass the editor and post the code directly by not using your interface.
>
> The only surefire way, of course, is to completely disallow HTML (via quoting
> < characters) and just allow text.

That's more or less what I'm doing. I pass the output through escape | urlize | bbcode text filters, so any HTML input into the editor (or posted directly via a POST request) comes out as &lt;, &gt;, etc. and only selected bbcode markup gets converted to HTML markup.

Daniel