> Has anyone produced a server-side HTML filter to avoid abuses of the > HTML submissions from TineMCE (or any user-editable field, for that > matter)? TinyMCE does filtering, but you can bypass it by disabling > javascript or doing direct posts so a server side filter is a > necessary safety net.
Would you like to remove SCRIPT tags or certain other elements/attributes? Parsing the HTML into a SEXP tree with the help of closure-html and then walking it is pretty simple. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "weblocks" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/weblocks?hl=en -~----------~----~----~----~------~----~------~--~---
