in reply to HTML tags to be filtered out

Well, isotope makes a case for not allowing the table tag. At least until you are level 5. :-)

Seriously, the right way to handle security is to explicitly list what is allowed and filter out all else. Add to what is allowed as the need/desire comes up.

EDIT
I should explain the isotope comment.

At this moment there is an image snuck onto a novice's page through the table tag. Personally I think it is very respectfully done, but the point is that until you really stop and think about a construct, you have no idea what someone may come up with...

RE: RE: HTML tags to be filtered out
by bastard (Hermit) on Aug 24, 2000 at 00:55 UTC
    Actually table tags can be very bad.
    Someone can use: (no, I'm not going to demonstrate)
    [/TD][/TR][/TABLE]

    To close the current table, usually horribly breaking the rest of the page.
    I accidentally forgot to close a table once (on my home node), and nearly couldn't get back into the editor to undo the change.

    My personal suggestion is to start with the RTF format, and allow only those tags that would enable RTF-like formatting. Build from there, but slowly.
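
An added example, not code from either poster or from the site: a Python sketch of the allowlist approach both posts recommend, which also ignores stray closing tags and closes anything left open so user markup cannot break the surrounding page. The `ALLOWED` set and the choice to drop every attribute are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for illustration; the thread does not specify one.
ALLOWED = {"b", "i", "u", "p", "br", "ul", "ol", "li", "code", "pre"}
VOID = {"br"}  # allowed tags that never take a closing tag


class AllowlistFilter(HTMLParser):
    """Re-emit only allowlisted tags, attribute-free and properly nested."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []    # sanitized output fragments
        self.stack = []  # allowlisted tags emitted and not yet closed

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return                   # not on the list: drop the tag, keep its text
        self.out.append(f"<{tag}>")  # attributes are never copied through
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag not in self.stack:
            return                   # stray close (e.g. </table>): ignore it
        while self.stack:            # close inner tags first to stay well-nested
            inner = self.stack.pop()
            self.out.append(f"</{inner}>")
            if inner == tag:
                break

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def sanitize(fragment: str) -> str:
    """Return fragment reduced to balanced, allowlisted markup."""
    f = AllowlistFilter()
    f.feed(fragment)
    f.close()  # flush any buffered trailing text
    # Close whatever the user left open so it cannot swallow the rest of the page.
    f.out.extend(f"</{t}>" for t in reversed(f.stack))
    return "".join(f.out)
```

Adding a tag later means adding it to `ALLOWED` after thinking through what it can do; nothing else passes by default.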