roller-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Van R-H <>
Subject prevent javascript execution in blog title, entry, and about section
Date Fri, 30 Sep 2011 20:06:01 GMT

I wanted to followup on this thread -

I'd like to prevent javascript entered in title, entry and about
section from being executed. Is there a setting or utils method that
is available? If not, would this be something similar to whats done
for  utils.escapeHTML. Our current _day.vm uses $entry.displayContent
to display the entry.

I'd like the allow HTML but NOT javascript. Is this a matter of doing
replace String for <script>?

I'm running 4.01 on WLS 11g and Oracle DB.


View raw message