Using the valid_tags property
How-To Posted by Chris Withers on Thursday March 22, 06:53PM, 2001
from the now-your-site-is-safe(r) dept.
Squishdot 1.0.0 enables you to limit what tags people can include in their postings. This article explains how...

Basically, you need to add a property called valid_tags, of type lines, to your Squishdot Site object. The updater will do this for you.

The property needs to contain one HTML tag per line, in lowercase, and without the angle brackets or /'s. You don't need to include the closing tag, if there is one.

These are the tags that won't be stripped from postings to the Squishdot Site. Everything else, along with JavaScript and other nasties, will be stripped.

The default tags, if no valid_tags property is present, are b, a, i, br and p, allowing you to do:
<B></B><A HREF=""></A><I></I><BR><P></P>

Big thanks to Itamar for providing the bulk of the code to do this :-)
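
The allowlist filtering described above, as an added example in Python 3 (not Squishdot's or Itamar's code). The attribute and URL-scheme allowlists, the closing of unclosed tags, and all names other than the default tag list are assumptions of this example.

```python
from html import escape
from html.parser import HTMLParser

DEFAULT_VALID_TAGS = ("b", "a", "i", "br", "p")  # defaults named in the article
# The names and policy below are assumptions of this example, not Squishdot's.
VOID_TAGS = {"br"}                     # tags with no closing tag to balance
SAFE_ATTRS = {"a": {"href"}}           # per-tag attribute allowlist
SAFE_SCHEMES = ("http://", "https://", "mailto:")


class TagFilter(HTMLParser):
    def __init__(self, valid_tags):
        super().__init__(convert_charrefs=True)
        self.valid = {t.strip().lower() for t in valid_tags if t.strip()}
        self.out, self.open = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in self.valid:
            return  # tag is dropped; its text still arrives via handle_data
        kept = ""
        for name, value in attrs:
            value = (value or "").strip()
            if name not in SAFE_ATTRS.get(tag, ()):
                continue  # onclick, style and every other attribute
            if name == "href" and not value.lower().startswith(SAFE_SCHEMES):
                continue  # javascript: and other unexpected schemes
            kept += ' %s="%s"' % (name, escape(value, quote=True))
        self.out.append("<%s%s>" % (tag, kept))
        if tag not in VOID_TAGS:
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in self.open:  # close it, plus anything left open inside it
            i = len(self.open) - 1 - self.open[::-1].index(tag)
            self.out += ["</%s>" % t for t in reversed(self.open[i:])]
            del self.open[i:]

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text can never form a tag


def strip_tags(text, valid_tags=DEFAULT_VALID_TAGS):
    f = TagFilter(valid_tags)
    f.feed(text)
    f.close()
    # close whatever the poster left open so it cannot spill into the page
    return "".join(f.out + ["</%s>" % t for t in reversed(f.open)])


# Constructed sample posting: script, event handler, unclosed <i>.
SAMPLE = '<script>alert(1)</script><a href="http://www.squishdot.org/" onclick="x()">hi</a> <i>open'
if __name__ == "__main__":
    print(strip_tags(SAMPLE))
```

Because the tag list is passed in as an iterable of lines, the contents of a valid_tags property can be handed to `strip_tags` unchanged.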

The Fine Print: The following comments are owned by whoever posted them.

    Bug in updater :-(
    by Chris Withers on Thursday March 22, 07:27PM, 2001
    There's a small bug in the updater which means it won't correctly create the valid_tags property.

    The attached version fixes the problem though :-)
    Click to download attachment 0-7-x_1-0-0.py
    1KB (1028 bytes)

    • Re: Bug in updater :-(
      by Shahid on Wednesday April 09, 05:32PM, 2003
      How and where do I install this patch? Please be very specific as I don't have a clue as to what to do. I am a total newbie on Python/Zope etc. Cheers, shahid
    Re: Using the valid_tags property
    by Itamar on Thursday March 22, 07:53PM, 2001
    This is a test of the code.



    this is in a script tag
    I didn't close the previous i tag!




    • Re: Using the valid_tags property
      by Navindra Umanee on Thursday March 22, 07:57PM, 2001
      I'll probably escape (< etc) dangerous tags to expose them instead of stripping them completely from the string (just like using html_quote in the Title would do, for instance).

      Out of curiosity, did you write this striphtml code from scratch? I was looking all over the place for some ready-made python function but couldn't find one...

      Thanks for your hack!

      Cheers,
      Navin.

    Re: Using the valid_tags property
    by TD on Thursday January 17, 11:41AM, 2002

    Trying out how this works. This is inline CSS style code and should appear as yellow text on magenta background on color graphical user agents that support style sheets.

    On JavaScript-enabled browsers, the following link contains JavaScript code that activates when you click on it.

    Here's a link with JavaScript. The JavaScript code runs, but in this case you don't actually follow the link.

    Looks like it will be a little more difficult to remove all JavaScript.

    • Re: Using the valid_tags property
      by TD on Thursday January 17, 11:49AM, 2002

      My mistake. The JavaScript works in the preview, but is removed in the final posting. For those of you who don't know what I'm talking about, I had this code:

      <a href="http://www.squishdot.org/" onclick="alert('This is a JavaScript alert!'); return false;">

