It looks like you're new here. If you want to get involved, click one of these buttons!
can i know the list of html tags that allowed to post?
Or maybe the allowed tags if posible.
Under comment textarea in your forum is a link. Says simple html etc click it.
422 Real Estate Australia , now open Check it out
the Markdown link? I cant found that. Can u please paste the link u meant
Don't PM about development, I'm not currently taking on clients.
grep is your friend.
btw some of those are explicitly disallowed *-applet-form-input-textarea-iframe-script-style
thanks so much. It helped me.
for security reason i prefer to strip_tags and just allow the the ordinary bold,italic, etc
Well then you could use BBCode formatter. Or you can create your ow white list for htmlLawed.
I understand why you would think like that but honestly the situation is not as bad as you think.
Honestly though the security concern is stuff using styling to misdirect. One solution I've used is to ban style attribute, and then have a white list of approved classes.
forms-inputs,etc are explicitly banned, so it is not like you could create a fake logon form. You probably want to stop positioning techniques like negative margin.
there is no srcipting allowed.
htmlawed seem to be better.
I'll learn more about htmlawed. Many thanks again
You can do what you want with htmLawed, read their docs for info.
If tags are malformed, it spits out reasonable, parsable markup.
Anyway it quite nice to at least give you user the option of doing other things like tables, lists, etc. Not every know, but it allows people to
O do understand those that don't want random colours, but HtmLawed can make it easier to be spefic about stuff like that.
Although it could be easier to just to style the comment class with baground-color, border-color, outline-color,background-image set with !important, and that will overrule poor taste.
There is a certain amount to be said for just firefighting when somebody has made a total mess. Because you are goign to get some nice original content too.
If you go the approved classes route, you need to adapt any wysiwyg editor to use the classes rather then style attributes.