Can I take a simpler approach like this:
1- use javascript regular expression to detect if the user input
string has a dangerous tag
2- if there is any forbiden tag then I'd just use the
gadgets.util.escapeString before displaying the content
3- if the string is clean I'd allow the content to be
Wikis generally get around this by introducing a special syntax, e.g.
wikis on http://code.google.com, which use the syntax at
http://code.google.com/p/support/wiki/WikiSyntax. The correct
substitutions are made before the page is rendered, transforming
*bold* into bbold/b for example.
If you
2 matches
Mail list logo