velocity-user mailing list archives

From "Will Glass-Husain" <>
Subject Re: off-topic: HTML filtering
Date Sun, 30 Oct 2005 13:41:06 GMT
Thanks for the suggestions.

I was debating using [b] etc, but realized the only good reason to do so was 
laziness in not coding a decent filter.  Why invent a new syntax when HTML 
is pretty darn good?

I'll look into htmlparser.


----- Original Message ----- 
From: "Robert Koberg" <>
To: "Velocity Users List" <>
Sent: Saturday, October 29, 2005 3:58 AM
Subject: Re: off-topic: HTML filtering

> Will Glass-Husain wrote:
>> Hi,
>> This is a little off-topic, but I'm struggling a bit to find something - 
>> I thought one of my fellow Velocity users might have a tip.
>> I want to allow users to enter comments on a site with HTML formatting 
>> tags but prevent any javascript hyperlinks, or other potential 
>> cross-scripting issues.  Specifically, I need a Java library that will 
>> parse text, allowing HTML formatting (<b>, <i>, <img>, and non-Javascript
>> <a>) but escaping everything else.
>> Does anyone know a good source?  There's a very nice PHP library--  
>> lib_filter ( )-- that does exactly 
>> this.  The issues are subtle enough that I'd like to re-use rather than 
>> make my own if possible.  (and to make things more difficult, the license 
>> can't be GPL).
> Do you need to allow them to enter HTML tags? Instead could they enter 
> something like [b]foo[/b]? (you could have a button that does it for them 
> on the selected text). This way you can strip *all* html tags using 
> org.apache.commons.lang.StringEscapeUtils. Then after stripping you can 
> convert your set of well known markup to HTML and save that.
> best,
> -Rob
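The approach Rob suggests in the quoted message (escape all HTML, then convert a small set of known markup), as an added example that is not part of the original thread and not code from either poster. The class name, the `[i]` and `[url=...]` tags, the hand-written escaper (used in place of a library call so the block has no dependencies) and `rel="nofollow"` are assumptions; only `[b]` appears in the thread.

```java
import java.util.regex.Pattern;

public class CommentMarkup {
    // Innermost [b]/[i] pair; the body excludes brackets, so misnested tags never match.
    private static final Pattern PAIR = Pattern.compile("\\[(b|i)\\]([^\\[\\]]*)\\[/\\1\\]");
    // Only lowercase http/https targets; anything else (javascript:, data:) stays literal text.
    private static final Pattern URL = Pattern.compile(
        "\\[url=(https?://[^\\s\\[\\]<>\"]+)\\]([^\\[\\]]*)\\[/url\\]");

    // Escape every HTML metacharacter so no user-supplied tag or attribute survives.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Escape first, then convert the known markup, innermost pairs first, until stable.
    static String render(String raw) {
        String text = escapeHtml(raw);
        String prev;
        do {
            prev = text;
            text = URL.matcher(text).replaceAll("<a href=\"$1\" rel=\"nofollow\">$2</a>");
            text = PAIR.matcher(text).replaceAll("<$1>$2</$1>");
        } while (!text.equals(prev));
        return text;
    }

    public static void main(String[] args) {
        String[] samples = {   // constructed inputs
            "[b]bold [i]and italic[/i][/b]",
            "<script>alert(1)</script> [b]hi[/b]",
            "[url=javascript:alert(1)]click[/url]",
            "[url=http://example.com/?a=1&b=2]link[/url]",
            "[b][i]misnested[/b][/i]"
        };
        for (String s : samples) System.out.println(render(s));
    }
}
```

Because escaping runs before any conversion, the only raw `<` and `>` in the output are the ones the converter itself emits; unmatched or misnested bracket tags and non-http link targets are left as visible text.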