On Jun 1, 2006, at 7:05 AM, [EMAIL PROTECTED] wrote:
>
> I like the Django integration for the various rich text editors, and I
> want to give my users the ability to post styled text -- I just don't
> want to open the floodgates for all kinds of embedded HTML, with all
> the potential exploitable problems that can bring.

Is it not sufficient to just look for <script> and <object> tags and filter those out? Are there other HTML things people can do that would pose risks?

Todd
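
An added example, not part of the original message or of Django: the tag filter asked about above, next to an allowlist sanitizer built on Python's standard `html.parser`, run over a constructed sample so the difference in what survives is visible. The tag and attribute policy, the sample markup and all function names are assumptions made for this illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed sample of editor output (not from the thread).
SAMPLE = ('<p onmouseover="track()">Hi <b>there</b></p>'
          '<a href="javascript:void(0)">link</a><script>alert(1)</script>')

def blocklist_filter(html):
    """The approach asked about: remove only <script> and <object> elements."""
    return re.sub(r'(?is)<(script|object)\b.*?</\1\s*>', '', html)

# Assumed policy for this example: a small set of formatting tags and links.
ALLOWED_TAGS = {'p', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'br', 'a'}
ALLOWED_ATTRS = {'a': {'href'}}
SAFE_SCHEMES = ('http://', 'https://', 'mailto:')
DROP_CONTENT = {'script', 'style', 'object'}  # discard these with their contents

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED_TAGS:
            return  # unknown tags are dropped, their text is kept (escaped)
        kept = ''
        for name, value in attrs:
            ok_name = name in ALLOWED_ATTRS.get(tag, ())
            if ok_name and value and value.strip().lower().startswith(SAFE_SCHEMES):
                kept += ' %s="%s"' % (name, escape(value.strip(), quote=True))
        self.out.append('<%s%s>' % (tag, kept))

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != 'br':
            self.out.append('</%s>' % tag)

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))

def sanitize(html):
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return ''.join(parser.out)
```

On the sample, `blocklist_filter` removes the `<script>` element but passes the event-handler attribute and the `javascript:` link through unchanged, while `sanitize` emits only the allowed tags and attributes and escapes everything else.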