From: "Will Glass-Husain"
To: "Velocity Users List"
Subject: Re: off-topic: HTML filtering
Date: Sun, 30 Oct 2005 05:41:06 -0800

Thanks for the suggestions. I was debating using [b] etc, but realized the
only good reason to do so was laziness in not coding a decent filter. Why
invent a new syntax when HTML is pretty darn good?

I'll look into htmlparser.

WILL

----- Original Message -----
From: "Robert Koberg"
To: "Velocity Users List"
Sent: Saturday, October 29, 2005 3:58 AM
Subject: Re: off-topic: HTML filtering

> Will Glass-Husain wrote:
>> Hi,
>>
>> This is a little off-topic, but I'm struggling a bit to find something -
>> I thought one of my fellow Velocity users might have a tip.
>>
>> I want to allow users to enter comments on a site with HTML formatting
>> tags but prevent any javascript hyperlinks, or other potential
>> cross-scripting issues. Specifically, I need a Java library that will
>> parse text, allowing HTML formatting (, , , and non-Javascript
>> ) but escaping everything else.
>>
>> Does anyone know a good source? There's a very nice PHP library--
>> lib_filter ( http://code.iamcal.com/php/lib_filter/ )-- that does exactly
>> this. The issues are subtle enough that I'd like to re-use rather than
>> make my own if possible. (and to make things more difficult, the license
>> can't be GPL).
>
> Do you need to allow them to enter HTML tags? Instead could they enter
> something like [b]foo[/b]? (you could have a button that does it for them
> on the selected text). This way you can strip *all* html tags using
> org.apache.commons.lang.StringEscapeUtils. Then after stripping you can
> convert your set of well known markup to HTML and save that.
>
> best,
> -Rob
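
The escape-then-convert approach suggested in the quoted reply, sketched in Java as an added example that is not code from this thread. The class name, the tag set ([b], [i], [u], [url=...]) and the local escapeHtml helper (standing in for StringEscapeUtils.escapeHtml so the example has no dependencies) are assumptions.

```java
import java.util.regex.Pattern;

public class CommentMarkup {
    // Bracket tags that map one-to-one onto attribute-free HTML elements.
    private static final String[] SIMPLE_TAGS = {"b", "i", "u"};
    // [url=TARGET]label[/url]; TARGET must be absolute http or https, so
    // javascript: and other schemes never reach an href attribute.
    private static final Pattern URL = Pattern.compile(
        "\\[url=(https?://[^\\s\\[\\]]+)\\]([^\\[\\]]*)\\[/url\\]",
        Pattern.CASE_INSENSITIVE);

    // Local stand-in for StringEscapeUtils.escapeHtml (assumption, see lead-in).
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    static String render(String raw) {
        // Step 1: escape everything, so no user-supplied tag or quote survives.
        String html = escapeHtml(raw);
        // Step 2: links first, while the text still contains no markup at all.
        html = URL.matcher(html).replaceAll("<a href=\"$1\" rel=\"nofollow\">$2</a>");
        // Step 3: re-introduce only balanced pairs of the known tags.
        for (String tag : SIMPLE_TAGS) {
            Pattern p = Pattern.compile("\\[" + tag + "\\](.*?)\\[/" + tag + "\\]",
                Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
            html = p.matcher(html).replaceAll("<" + tag + ">$1</" + tag + ">");
        }
        return html;
    }

    public static void main(String[] args) {
        String[] samples = {  // constructed inputs
            "[b]bold[/b] and <script>alert(1)</script>",
            "[url=http://example.com/?a=1&b=2]ok[/url]",
            "[url=javascript:alert(1)]blocked[/url]",
            "[i]unclosed <b onmouseover=\"x()\">"
        };
        for (String s : samples) System.out.println(render(s));
    }
}
```

Markup that does not match a known pattern (an unclosed [i], a [url=...] with a non-http scheme) is left as escaped literal text rather than converted.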