velocity-user mailing list archives

From: "Will Glass-Husain" <wgl...@forio.com>
Subject: Re: off-topic: HTML filtering
Date: Sun, 30 Oct 2005 13:41:06 GMT

Thanks for the suggestions.

I was debating using [b] etc, but realized the only good reason to do so was 
laziness in not coding a decent filter.  Why invent a new syntax when HTML 
is pretty darn good?

I'll look into htmlparser.

WILL

----- Original Message ----- 
From: "Robert Koberg" <rob@koberg.com>
To: "Velocity Users List" <velocity-user@jakarta.apache.org>
Sent: Saturday, October 29, 2005 3:58 AM
Subject: Re: off-topic: HTML filtering


> Will Glass-Husain wrote:
>> Hi,
>>
>> This is a little off-topic, but I'm struggling a bit to find something - 
>> I thought one of my fellow Velocity users might have a tip.
>>
>> I want to allow users to enter comments on a site with HTML formatting 
>> tags but prevent any javascript hyperlinks, or other potential 
>> cross-scripting issues.  Specifically, I need a Java library that will 
>> parse text, allowing HTML formatting (<b>, <i>, <img>, and non-Javascript
>> <a>) but escaping everything else.
>>
>> Does anyone know a good source?  There's a very nice PHP library--  
>> lib_filter ( http://code.iamcal.com/php/lib_filter/ )-- that does exactly 
>> this.  The issues are subtle enough that I'd like to re-use rather than 
>> make my own if possible.  (and to make things more difficult, the license 
>> can't be GPL).
>
> Do you need to allow them to enter HTML tags? Instead could they enter 
> something like [b]foo[/b]? (you could have a button that does it for them 
> on the selected text). This way you can strip *all* html tags using 
> org.apache.commons.lang.StringEscapeUtils. Then after stripping you can 
> convert your set of well known markup to HTML and save that.
>
> best,
> -Rob
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: velocity-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: velocity-user-help@jakarta.apache.org
> 

