Re: hyperlinking unique input strings on the fly when displaying
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 31706
interpreted = N
texte = How about building the HTML yourself?Give them the options for the text to enter, and allow things like
or� but nothing else. You would have to convert < to < and > to > for�example.Maybe this would work better for you?-- �Dale Therio �+49 69 263 19977 office Dresdner Kleinwort Benson Research�+49 69 263 11379 fax Jürgen-Ponto-Platz 1�+49 170 934 3610 mobile 60301 Frankfurt, Germany�> From: John Butler �> Reply-To: (WebCatalog Talk)�> Date: Wed, 10 May 2000 12:29:44�> To: (WebCatalog Talk)�> Subject: Re: hyperlinking unique input strings on the fly when displaying in�> HTML�> �> Thank You John!�> �> Seems to me that with the below kind of solution, the only real hard part�> would be to have a�> comprehensive list of malicious HTML strings. no?�> �> Even without 4.0's new features (we may need to go mission critical before 4�> is debugged) we�> can still...�> �> allow any input (and NOT just conver all < chars), look thru a user's input�> text and find�> 'words' which start with some flag (http:// , or anything else we explicitly�> tell the user to�> use - like ***, or whatever) and then wrap that word (perhaps without the�> flag) with the�> appropriate tag, and then when displaying the entire input, we just�> looked for�> certain potentially malicious strings (like those.�> �> something like-�> [listwords...(list the entire input, delim by spaces)]�> [showif [word]^ [convertchars db=custom][word][/convertchars]�> [/showif]�> [showif [word]^another malicious HTML chunk]�> [convertchars db=custom][word][/convertchars]�> [/showif]�> [showif [word]^another malicious HTML chunk]�> [convertchars db=custom][word][/convertchars]�> [/showif]�> [showif [word]~http://]�> [word]�> [/showif]�> [/listwords]�> �> This would require having a list of all the malicious HTML we wanted to check�> for. That seems�> to be the hardest part.