Answers
Under the comment textarea in your forum is a link. It says simple HTML etc.; click it.

The Markdown link? I can't find that. Can you please paste the link you meant?

http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s3.3
Don't PM about development, I'm not currently taking on clients.
grep is your friend.

btw some of those are explicitly disallowed
*-applet-form-input-textarea-iframe-script-style

Thanks so much. It helped me.

For security reasons I prefer to strip_tags and just allow the ordinary bold, italic, etc.

Well then you could use the BBCode formatter. Or you can create your own white list for htmLawed.
I understand why you would think like that, but honestly the situation is not as bad as you think.
Honestly though, the security concern is stuff using styling to misdirect. One solution I've used is to ban the style attribute, and then have a white list of approved classes.
Forms, inputs, etc. are explicitly banned, so it is not like you could create a fake logon form. You probably want to stop positioning techniques like negative margin.
There is no scripting allowed.

htmLawed seems to be better.
I'll learn more about htmLawed. Many thanks again.

You can do what you want with htmLawed, read their docs for info.
If tags are malformed, it spits out reasonable, parsable markup.
Anyway it is quite nice to at least give your users the option of doing other things like tables, lists, etc. Not every know, but it allows people to
I do understand those that don't want random colours, but htmLawed can make it easier to be specific about stuff like that.
Although it could be easier just to style the comment class with background-color, border-color, outline-color, background-image set with !important, and that will overrule poor taste.
There is a certain amount to be said for just firefighting when somebody has made a total mess. Because you are going to get some nice original content too.

If you go the approved classes route, you need to adapt any WYSIWYG editor to use the classes rather than style attributes.
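
The policy discussed in this thread (style attribute banned, only approved classes kept, forms and scripts removed, unclosed tags repaired) can be sketched as follows. This is an added example in standard-library Python, not htmLawed code or configuration and not from any poster; the element allowlist and the class names are assumptions chosen for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for this sketch; the element and class names are illustrative.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "ul", "ol", "li",
                "blockquote", "code", "pre", "span", "table", "tr", "td", "th"}
VOID_TAGS = {"br"}
DROP_WITH_CONTENT = {"script", "style"}   # remove the element and its text
APPROVED_CLASSES = {"quote", "spoiler", "highlight"}  # hypothetical names


class CommentSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED_TAGS:
            return  # form, input, textarea, iframe, applet: tag is dropped
        # Only class survives, and only approved tokens; style, on*, id go.
        classes = [c for name, value in attrs if name == "class"
                   for c in (value or "").split() if c in APPROVED_CLASSES]
        attr = f' class="{escape(" ".join(classes))}"' if classes else ""
        self.out.append(f"<{tag}{attr}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in self.open_tags:
            # Close inner tags left open so the output stays well formed.
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # text is always re-escaped


def sanitize_comment(html_text):
    parser = CommentSanitizer()
    parser.feed(html_text)
    parser.close()
    # Close whatever the commenter left unclosed.
    tail = "".join(f"</{t}>" for t in reversed(parser.open_tags))
    return "".join(parser.out) + tail
```

Because every attribute except an approved class is discarded, a WYSIWYG editor feeding this filter has to emit classes rather than inline styles, as the last post notes.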