Jon Ribbens wrote:
> On Thu, Feb 07, 2008 at 02:35:29PM +0000, Michael Sparks wrote:
>> Just a quick Q for people: what's your favourite way (preferably a library :)
>> of allowing a subset of HTML tags through? I can think of 1/2 dozen different
>> ways of doing this, but I'm sure there's a preferred approach for some...
>
> Be aware that if you are doing this for security reasons (e.g. to
> prevent cross-site scripting), it is very hard to get right.
>
> The code at
> http://www.voidspace.org.uk/python/weblog/arch_d7_2005_04_23.shtml#e35
> is wrong, for example.
>
I take no responsibility for anything I did two years ago. ;-)

That aside, what *is* wrong with it? (I know nothing about XSS, nor was that my concern - but I am interested.)

Michael

_______________________________________________
python-uk mailing list
python-uk@python.org
http://mail.python.org/mailman/listinfo/python-uk