Thanks once again :)

I really appreciate your quick response to these questions.

A happy web2py user.





2013/2/4 Massimo Di Pierro <massimo.dipie...@gmail.com>

> You will be fine. SPAN should be there by default. It is not and that is
> an oversight. FONT is not there because it is a deprecated tag.
>
>
> On Monday, 4 February 2013 12:06:42 UTC-6, Martijn Hermans wrote:
>>
>> I've got a website in which I want to allow the user some customization.
>>
>> To prevent my site from injection, I use: {{=XML(markup,sanitize=True)}}
>>
>> This works perfectly, except it doesn't allow the tags 'font' and 'span'.
>>
>> I know I can override this default behaviour, but I want to know if I
>> expose my site to dangers if I allow the 'font' and 'span' tags.
>>
>> Is there a good reason they are not exposed by default???
>>
>  --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to web2py+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>
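
An added illustration, not part of the thread and not web2py's own sanitizer code: a stand-alone allowlist sanitizer built on Python's `html.parser`, showing that permitting `span` adds no script surface as long as no attributes (`style`, event handlers) are allowed on it. The two allowlists follow the same idea as the `permitted_tags` and `allowed_attributes` arguments of web2py's `XML` helper; their contents, `SAFE_SCHEMES` and the `sanitize` function are constructed for this example.

```python
from html import escape
from html.parser import HTMLParser

# Constructed allowlists for this example (not web2py's defaults).
PERMITTED_TAGS = {"b", "i", "p", "a", "span"}
ALLOWED_ATTRIBUTES = {"a": {"href", "title"}}  # span: no attributes at all
SAFE_SCHEMES = ("http://", "https://", "mailto:")


class AllowlistSanitizer(HTMLParser):
    """Re-emit only allowlisted tags and attributes; escape everything else."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in PERMITTED_TAGS:
            self.out.append(escape(self.get_starttag_text()))
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRIBUTES.get(tag, ()):
                continue  # drops style=, on*=, class=, ...
            value = value or ""
            if name == "href" and not value.strip().lower().startswith(SAFE_SCHEMES):
                continue  # drops javascript: and any other scheme
            kept.append(' %s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        if tag in PERMITTED_TAGS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        text = "</%s>" % tag
        self.out.append(text if tag in PERMITTED_TAGS else escape(text))

    def handle_data(self, data):
        self.out.append(escape(data))


def sanitize(markup):
    parser = AllowlistSanitizer()
    parser.feed(markup)
    parser.close()  # flush buffered text
    return "".join(parser.out)
```

The tag name alone decides nothing about safety here: `span` is harmless because its attribute allowlist is empty, and the same tag with `style` or `on*` attributes permitted would need separate review.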
