On Thu, Sep 20, 2012 at 3:09 PM, Leigh <lei...@gmail.com> wrote:

> > My whole point here is identifying WHAT needs 'escaping'. You can't simply
> > 'escape' the output stream, you still want html tags to get out?
>
> This problem is specific to YOU, because (as far as I understood your
> previous post) you decided to store big chunks of HTML in your data
> store. It is not a problem with this proposal, or a problem in
> general.
>

more specifically: accepting HTML, but trying to allow some of the tags but still filtering most of it. HTMLPurifier is the tool for this kind of job, but most people would recommend using some kind of alternative markup format, like BBCode <http://en.wikipedia.org/wiki/BBCode>.

-- Ferenc Kovács @Tyr43l - http://tyrael.hu
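
The alternative-markup approach suggested in the message above, as an added example that is not part of the original e-mail or of any library's code: all input is HTML-escaped first, and only a small allow-list of BBCode tags is then converted to HTML. The function name `render_bbcode`, the chosen tag set and the sample input are assumptions made for illustration.

```php
<?php
// Added example: minimal BBCode renderer (hypothetical helper name).
// Strategy: escape ALL input first, then turn a small allow-list of
// BBCode tags into HTML. Raw HTML from the user never reaches the page.

function render_bbcode(string $input): string
{
    // 1. Neutralise every HTML metacharacter, including both quote types.
    $out = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Simple paired tags with no attributes.
    foreach (['b' => 'strong', 'i' => 'em'] as $bb => $html) {
        $out = preg_replace(
            '~\[' . $bb . '\](.*?)\[/' . $bb . '\]~is',
            '<' . $html . '>$1</' . $html . '>',
            $out
        );
    }

    // 3. Links: only absolute http(s) URLs are accepted, so javascript:
    //    and data: URLs never become an href. The URL was already escaped
    //    in step 1, so it cannot break out of the quoted attribute.
    $out = preg_replace_callback(
        '~\[url=(https?://[^\s\[\]]+)\](.*?)\[/url\]~is',
        function (array $m): string {
            return '<a href="' . $m[1] . '" rel="nofollow noopener">'
                 . $m[2] . '</a>';
        },
        $out
    );

    // 4. Keep the user's line breaks.
    return nl2br($out);
}

// Constructed sample input: allowed markup mixed with raw HTML and a
// link whose scheme is not on the allow-list.
$sample = "[b]Hello[/b] <script>alert(1)</script>\n"
        . "[url=https://example.com/?a=1&b=2]a link[/url] "
        . "[url=javascript:alert(1)]not a link[/url]";

echo render_bbcode($sample), "\n";
```

Tags outside the allow-list, and `[url=…]` values that fail the scheme check, stay in the output as inert escaped text instead of becoming markup.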