On 6/20/06, Jay Parlar <[EMAIL PROTECTED]> wrote:
>
> Is there anything built into Django to clean up text that a user might
> enter in a textfield/comment/etc., so that if I display that text
> field in a template, any unclosed tags in it won't screw up my page?
>
> Something like the 'striptags' filter, except instead of removing all
> tags, it just makes sure they're all closed.
>
> If not, how do people normally do this?

On the open web, you should never ever display text supplied by
regular users as HTML.  Doing so allows them to wreck the page at best
and create security problems or denial of service at worst.

That said, if you trust your users you might like to look at Beautiful
Soup for parsing and Universal Feed Parser for sanitization
inspiration:

http://www.crummy.com/software/BeautifulSoup/documentation.html
http://www.feedparser.org/docs/html-sanitization.html

...Or maybe someone has already solved this problem, in which case
I'll happily be wrong.
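
Added example, not part of the original thread and not code from Django, Beautiful Soup or Universal Feed Parser: an allowlist sanitizer built on the standard library's html.parser that escapes all text, drops every tag and attribute not on the list, and closes whatever the user left open. The allowlist contents and the names BalancingSanitizer and sanitize are assumptions made for this example.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for this example; the thread does not specify one.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "ul", "ol", "li", "code"}
VOID_TAGS = {"br"}  # allowed tags that never take a closing tag


class BalancingSanitizer(HTMLParser):
    """Keep allowlisted tags without attributes, escape text, balance tags."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []  # stack of allowlisted tags currently open

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            self.out.append(f"<{tag}>")
        elif tag in ALLOWED_TAGS:
            self.open_tags.append(tag)
            self.out.append(f"<{tag}>")  # attributes are dropped entirely
        # Any other tag is dropped; text inside it is still escaped below.

    def handle_endtag(self, tag):
        if tag not in self.open_tags:
            return  # stray or disallowed closing tag: ignore it
        # Close anything still open inside the tag being closed.
        while self.open_tags:
            top = self.open_tags.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        self.out.append(escape(data))  # text can never become markup

    def finish(self):
        self.close()  # flush any text the parser is still buffering
        while self.open_tags:
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize(fragment):
    parser = BalancingSanitizer()
    parser.feed(fragment)
    return parser.finish()
```

Comments and unknown tags produce no output, so the result contains only the allowlisted tags in balanced form plus escaped text.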
