also you might want to consider markdown, I am using it on my site for comments.
With the WIKI that is in gluon/contrib/markdown and WMD javascript
editor, with textarea resize it makes a great combo.
Do take a look at blogitizor for how this is implemented.
-Thadeus
On Sun, Jan 31, 2010 at 4:53 PM, mdipierro <mdipie...@cs.depaul.edu> wrote:
> You can upload HTML but then splay it with {{=XML
> (html_text,sanitize=True)}}
>
>
>
> On Jan 31, 3:17 pm, weheh <richard_gor...@verizon.net> wrote:
>> This is not precisely a web2py question. But there are knowledgeable
>> people here who may know the answer.
>>
>> I'm adding CMS functionality to my site. As it is currently
>> implemented, I have a text field that an admin can type html into and
>> then upload it to the site where it is displayed.
>>
>> My concern is that I am creating a security hole in the site. It would
>> obviously be better if they couldn't upload html, but rather a simpler
>> markup language that is read by a python module that parses it and
>> spits out real html, which is then displayed. This would potentially
>> block any nasty code that someone might try to upload to the site.
>>
>> Anybody know of such a markup language and its associated python
>> module? (I know python has an html parser and I could block all tags
>> other than a select few, but thought I'd ask in case there's a better
>> answer out there.)
>
> --
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To post to this group, send email to web...@googlegroups.com.
> To unsubscribe from this group, send email to
> web2py+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/web2py?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To post to this group, send email to web...@googlegroups.com.
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en.
