about
search
post article
Documentation
Mailing Lists
Bug Tracking
Development
Installation
Upgrading
Download
admin
rdf
main
|
 Using the valid_tags property
|
 Posted by on Thursday March 22, 06:53PM, 2001
from the now-your-site-is-safe(r) dept.
Squishdot 1.0.0 enables you to limit what tags people can include in their postings. This article explains how...
Basically, you need to add a property called valid_tags, of type lines to your Squishdot Site object. The updater will do this for you.
This needs to contain one html tag per line, in lowercase, and without the angle brackets or /'s. You don't need to include the closing tag, if there is one.
These are that tags that won't be stripped from postings to the Squishdot Site. Everything else, along with JavaScript and other nasties will be stripped.
The default tags, if no valid_tags property is present, are b,a,i,br and p allowing you to do:
Big thanks to Itamar for providing the bulk of the code to do this :-)
< | >
|
|
Related Links
|
|
|
|
The Fine Print: The following comments are owned by whoever posted them.
( Reply )
|
Bug in updater :-(
by on Thursday March 22, 07:27PM, 2001
|
There's a small bug in the updater which means it won't correctly create the valid_tags property.
The attached version fixes the problem though :-)
 0-7-x_1-0-0.py
1KB (1028 bytes)
|
[ Reply to this ]
|
-
Re: Bug in updater :-(
by on Wednesday April 09, 05:32PM, 2003
|
How and where do I install this patch ? Please be very specific as I dont have a clue as to what to do. Iam a total newbie on Python/Zope etc. Cheers, shahid
|
[ Reply to this ]
|
|
Re: Using the valid_tags property
by on Thursday March 22, 07:53PM, 2001
|
This is a test of the code.
this is in a script tage
I didn't close the previous i tag!
|
[ Reply to this ]
|
-
Re: Using the valid_tags property
by on Thursday March 22, 07:57PM, 2001
|
I'll probably escape (< etc) dangerous tags to expose them instead of stripping them completely from the string (just like using html_quote in the Title, would do for instance).
Out of curiosity, did you write this striphtml code from scratch? I was looking all over the place for some ready-made python function but couldn't find one...
Thanks for your hack!
Cheers,
Navin.
|
[ Reply to this ]
|
|
Re: Using the valid_tags property
by on Thursday January 17, 11:41AM, 2002
|
|
Trying out how this works. This is inline CSS style code and should appear as yellow text on magenta background on color graphical user agents that support style sheets.
On JavaScript-enabled browsers, the following link contains JavaScript code that activates when you click on it.
Here's a link with JavaScript. The JavaScript code runs, but in this case you don't actually follow the link.
Looks like it will be a little more difficult to remove all JavaScript.
|
[ Reply to this ]
|
-
Re: Using the valid_tags property
by on Thursday January 17, 11:49AM, 2002
|
|
My mistake. The JavaScript works in the preview, but is removed in the final posting. For those of you who don't know what I'm talking about, I had this code:
|
[ Reply to this ]
|
|
The Fine Print: The following comments are owned by whoever posted them.
( Reply )
|
|
