This is not precisely a web2py question. But there are knowledgeable
people here who may know the answer.
I'm adding CMS functionality to my site. As it is currently
implemented, I have a text field that an admin can type html into and
then upload it to the site where it is displayed.
My concern is that I am creating a security hole in the site. It would
obviously be better if they couldn't upload html, but rather a simpler
markup language that is read by a python module that parses it and
spits out real html, which is then displayed. This would potentially
block any nasty code that someone might try to upload to the site.
Anybody know of such a markup language and its associated python
module? (I know python has an html parser and I could block all tags
other than a select few, but thought I'd ask in case there's a better
answer out there.)
--
You received this message because you are subscribed to the Google Groups
web2py-users group.
To post to this group, send email to web...@googlegroups.com.
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en.
