nicknameoptional
2007-Apr-12 06:22 UTC
for user submitted content, textile or inspected html?
I know that using another markup language, like wiki syntax or Textile, is to prevent JavaScript injection. But for users who don't know about wiki syntax or Textile, I'm thinking about just allowing them to enter plain HTML, parsing the content, and rejecting all questionable tags and attributes, only allowing predefined (safe) tags, like bold or italic, etc. Is using HTML for markup less secure than using non-HTML markup?
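The approach the question describes (accept HTML, keep only predefined safe tags, reject everything else), sketched in Ruby as an added example that is not part of the original post. The tag list and the `sanitize_user_html` name are assumptions; the sketch escapes all input first and then re-enables only attribute-free allowlisted tags, so anything it does not recognise stays inert text.

```ruby
# Allowlist of formatting tags (assumption: the post names only bold and italic).
# Attributes are never allowed, so event handlers and style/href tricks cannot pass.
ALLOWED_TAGS = %w[b i em strong].freeze

HTML_ESCAPES = {
  '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;'
}.freeze

# An already-escaped bare tag, e.g. "&lt;b&gt;" or "&lt;/em&gt;" (no attributes).
ESCAPED_TAG = /&lt;(\/?)([a-zA-Z0-9]+)&gt;/

# Escape every metacharacter, then turn back into markup only exact matches of
# allowlisted tags. Unknown tags, tags with attributes and malformed markup
# remain escaped and render as visible text.
def sanitize_user_html(input)
  open_tags = []
  escaped = input.to_s.gsub(/[&<>"']/, HTML_ESCAPES)

  body = escaped.gsub(ESCAPED_TAG) do |match|
    closing = !$1.empty?
    name = $2.downcase
    next match unless ALLOWED_TAGS.include?(name)

    if closing
      idx = open_tags.rindex(name)
      next '' if idx.nil? # stray closer with no opener: drop it
      # Close everything opened after the matching opener to keep nesting valid.
      open_tags.slice!(idx..-1).reverse.map { |t| "</#{t}>" }.join
    else
      open_tags.push(name)
      "<#{name}>"
    end
  end

  # Close whatever the user left open so it cannot restyle the rest of the page.
  body + open_tags.reverse.map { |t| "</#{t}>" }.join
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  ['<b>bold</b> and <i>italic',
   '<script>alert(1)</script>',
   '<b onclick="x()">click</b>'].each { |s| puts sanitize_user_html(s) }
end
```
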