Re: hyperlinking unique input strings on the fly when displaying in HTML
This WebDNA talk-list message is from 2000
It keeps the original formatting.
You got it. That is one reason why 4.0 has a [RemoveHTML] tag. For now you can just do the same thing you are doing now, except test every word for anything like a tag and nuke it. Also test for your _link_ and use middle to grab the link itself and make it into a real HTML link.

John Peacock

John Butler wrote:
>
> Then that means the stripping of the HTML would have to happen as the input data was going *in* the
> db, as opposed to when I pull it out to display...
>
> John Peacock wrote:
>
> > Yes, therein lies the rub. Having to keep a list of malicious HTML is
> > not a useful bit of time spent. I would recommend coming up with some
> > sort of shorthand notation that even the dimmest user could fathom:
> >
> > _link_http://www.mysite.com/bite_me.html_link_
> >
> > as an example. Then you fix up the link as you see fit. I would
> > caution against any kind of list of evil tags, since you will miss one
> > and regret even walking down that path. Strip anything that looks like
> > HTML and insert your own HTML around the link is my advice.
> >
> > John Peacock
> >
> > John Butler wrote:
> > >
> > > Thank You John!
> > >
> > > Seems to me that with the below kind of solution, the only real hard part would be to have a
> > > comprehensive list of malicious HTML strings. no?
> > >
> > > Even without 4.0's new features (we may need to go mission critical before 4 is debugged) we
> > > can still...
> > >
> > > allow any input (and NOT just convert all < chars), look thru a user's input text and find
> > > 'words' which start with some flag (http:// , or anything else we explicitly tell the user to
> > > use - like ***, or whatever) and then wrap that word (perhaps without the flag) with the
> > > appropriate tag, and then when displaying the entire input, we just looked for
> > > certain potentially malicious strings (like
> > >
> > > something like-
> > > [listwords...(list the entire input, delim by spaces)]
> > > [showif [word]^
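
The word-by-word approach recommended in this thread (drop anything that looks like a tag, turn the `_link_..._link_` shorthand into your own anchor), sketched as an added example in Python rather than WebDNA; it is not code from the original messages. The `http`/`https` scheme restriction, the escaping of the remaining words, the `rel` attribute and all function names are assumptions of this example.

```python
import html
import re
from urllib.parse import urlsplit

# Shorthand from the thread: _link_<url>_link_ written as one space-delimited word.
LINK_WORD = re.compile(r"^_link_(\S+?)_link_$")
ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web links are wanted


def render_word(word):
    """Return safe HTML for one word, or None if the word is dropped."""
    m = LINK_WORD.match(word)
    if m:
        url = m.group(1)
        try:
            parts = urlsplit(url)
        except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
            return None
        # Drop javascript:, data:, relative URLs and URLs carrying markup characters.
        if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
            return None
        if re.search(r"[<>\"']", url):
            return None
        safe = html.escape(url, quote=True)
        # The only markup in the output is the markup generated here.
        return f'<a href="{safe}" rel="nofollow noopener">{safe}</a>'
    if "<" in word or ">" in word:
        return None  # looks like HTML: nuke it, no list of "evil" tags to maintain
    return html.escape(word, quote=True)  # escape leftovers such as & and quotes


def render_comment(text):
    """Apply render_word to every whitespace-delimited word of user input."""
    rendered = (render_word(w) for w in text.split())
    return " ".join(r for r in rendered if r is not None)


# Constructed sample input, not taken from the thread.
SAMPLE = ("Hi <script>alert(1)</script> see "
          "_link_http://www.mysite.com/bite_me.html_link_ & "
          "_link_javascript:alert(1)_link_ <b>bold</b>")

if __name__ == "__main__":
    print(render_comment(SAMPLE))
```

The same function works whether it runs when the input is stored or when it is displayed, which is the choice the thread is discussing.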