> Just discussing this with some colleagues today and we got onto a > marshalling data and it occured to us it would be nice to do something like > <input type="text" name="something:html:p:br"> that would only allow p and > br in the html. Ok, its easy to get around with a fake form, but how about > being able to only specify certain html tags in metadata in the CMF.
You seem to be aware of the fact, but I'd like to point it out explicitely: from a security point of view, this is completely useless. As HTML stripping is often done for security reasons, I fail to see the interest in such a feature. (BTW the :required field is also completely useless for security, and because it's misleading for beginners I even think it's downright harmful). -- Florent -- Florent Guillaume, Nuxeo SARL (Paris, France) +33 1 40 33 79 10 http://nuxeo.com mailto:[EMAIL PROTECTED] _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )