Wikis generally get around this by introducing a special syntax, e.g.
wikis on http://code.google.com, which use the syntax at
http://code.google.com/p/support/wiki/WikiSyntax. The correct
substitutions are made before the page is rendered, transforming
*bold* into <b>bold</b> for example.

If you don't want to emulate this model, you'll have to be very
careful. You can unescape the output to get the raw HTML but you must
filter out tags that you don't want in your descriptions such as
<script>, <iframe>, <applet>, and so on. This is more difficult than
it sounds, so I advise you go with the first approach.

- Jason

On Sep 25, 12:21 pm, guifiche <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'd like to allow the app users to type a product description using
> HTML.
> Currently I'm storing variables in a JSON string and according to
> the Orkut guidelines I must escape the string before displaying the
> data. This causes the HTML to be displayed as code snippet.
>
> When I don't escape the string I can get HTML displayed, but it is not
> allowed because it may allow execution of javascript entered by the
> user.
>
> How can I achieve this functionality and still adhere to Orkut
> guidelines?
> Does anyone have a code sample to do this?
>
> Regards,
> Guilherme
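
The first approach from the reply above (escape all user input, then substitute a limited wiki-style syntax), as an added example that is not part of the original thread. Only the *bold* rule comes from the message; the function names and the _italic_ and line-break rules are assumptions.

```javascript
// Added example, not code from the thread: escape first, substitute second.
// Because escaping runs before any substitution, the only tags that can
// appear in the output are the ones this code emits itself.

// Replace every character that is significant in HTML text or attributes.
function escapeHtml(text) {
  const entities = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Render a user-supplied description with a tiny allow-list of markup.
// renderDescription is a hypothetical name used for this illustration.
function renderDescription(raw) {
  const safe = escapeHtml(raw);
  return safe
    // *bold* -> <b>bold</b>, as in the reply above
    .replace(/\*([^*\n]+)\*/g, '<b>$1</b>')
    // _italic_ -> <i>italic</i> (assumed rule); excluding < and > keeps a
    // match from spanning a tag emitted by the previous step
    .replace(/_([^_<>\n]+)_/g, '<i>$1</i>')
    // line breaks typed by the user become <br> (assumed rule)
    .replace(/\r?\n/g, '<br>');
}

// Constructed sample input: markup is honoured, raw HTML is shown as text.
const sample = '*Great* <script>alert(1)</script> deal\n_new_ & improved';
console.log(renderDescription(sample));
```
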