Thanks! At the moment this is just a personal blog that only I'm going to
be posting on, so security isn't an issue. Once I start expanding it out
feature-wise, then I'll get more into security. I plan on eventually
branching it off as a forum app as well, so it will be important eventually.

Content inserted in views is automatically escaped. To avoid that, use
XML(): http://web2py.com/books/default/chapter/29/5#XML.
Note, this can be very dangerous if you're allowing users to enter
arbitrary HTML -- in that case, you should at least sanitize the content
via XML(..., sanitize=True).
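
The difference between escaped output and allowlist-sanitized output described in the reply above, as an added example that is not part of the thread and is not web2py's code. It is a standard-library Python sketch; the allowlist, the function names and the sample comment are assumptions, and web2py's XML(..., sanitize=True) uses its own sanitizer and defaults.

```python
from html import escape
from html.parser import HTMLParser
# Assumed allowlist for this sketch; web2py's own defaults are not reproduced here.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "p", "br", "ul", "ol", "li", "code"}
URL_ATTRS = {"a": {"href"}}            # the only attributes kept are URL attributes
SAFE_SCHEMES = ("http://", "https://")
DROP_WITH_CONTENT = {"script", "style"}

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skipping = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skipping += 1
        elif not self.skipping and tag in ALLOWED_TAGS:
            kept = ""
            for name, value in attrs:
                value = (value or "").strip()
                # The parser has already decoded entities in attribute values,
                # so an entity-encoded scheme is compared in its decoded form.
                if name in URL_ATTRS.get(tag, ()) and value.lower().startswith(SAFE_SCHEMES):
                    kept += ' %s="%s"' % (name, escape(value, quote=True))
            self.out.append("<%s%s>" % (tag, kept))

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skipping = max(0, self.skipping - 1)
        elif not self.skipping and tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(escape(data, quote=False))  # text is always re-escaped

def render_escaped(text):
    """Escape-by-default rendering: markup is shown as literal text."""
    return escape(text)

def render_sanitized(text):
    """Allowlist rendering: unlisted tags and attributes are dropped, text is escaped."""
    parser = AllowlistSanitizer()
    parser.feed(text)
    parser.close()
    return "".join(parser.out)

# Constructed sample comment, not taken from the thread.
SAMPLE = ('<b>bold</b><script>alert(1)</script><a href="https://example.com/" onclick="x()">ok</a>'
          '<a href="javascript:alert(1)">bad</a>')
```

Passing the same string through without either function is what an unsanitized XML() call amounts to: the script element and the event handler reach the browser unchanged.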