On my website, I have a page that allows users to leave comments. I'm
using Rick Olson's Whitelist plugin
(http://svn.techno-weenie.net/projects/plugins/white_list/)
to only allow a, b and i tags in user
comments. This works great to escape other HTML tags, but it still
allows the user to improperly use the allowed tags in a way that
screws up my markup. For example, someone can use an opening i tag
and forget to close it. My markup will of course no longer validate.
I don't know how the different browsers handle it, but at least on
Firefox, everything after the opening i tag will be italics.
How do I prevent user content that can contain a few whitelisted HTML
tags from screwing up my markup?
You could always check if the markup is valid, and if not just escape
all the HTML out of it.
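
One way to implement the check suggested in the reply above, as an added example (not code from the thread or from the white_list plugin). The method names `balanced_whitelisted?` and `escape_unless_balanced` are hypothetical. The check looks only at tag names and nesting, not attributes, so a comment that passes should still go through the whitelist step before it is rendered.

```ruby
require 'cgi'

# The tags the question allows in comments.
ALLOWED_TAGS = %w[a b i].freeze

# Anything shaped like a tag: "<", optional "/", a name, then the rest up to ">".
TAG_PATTERN = %r{<(/?)([A-Za-z][A-Za-z0-9]*)\b([^<>]*)>}

# True when every tag in +html+ is on the whitelist and the tags are opened
# and closed in proper nesting order. Attributes are NOT inspected here.
def balanced_whitelisted?(html)
  stack = []
  html.scan(TAG_PATTERN) do |closing, name, _attrs|
    name = name.downcase
    return false unless ALLOWED_TAGS.include?(name)

    if closing.empty?
      stack.push(name)                      # opening tag: remember it
    else
      return false unless stack.pop == name # closing tag must match the last open one
    end
  end

  # A stray "<" or ">" left over after removing well-formed tags is also invalid.
  leftover = html.gsub(TAG_PATTERN, '')
  stack.empty? && !leftover.match?(/[<>]/)
end

# Returns the comment unchanged when its tags are balanced, otherwise returns
# it with all HTML escaped so it cannot affect the surrounding markup.
def escape_unless_balanced(html)
  balanced_whitelisted?(html) ? html : CGI.escapeHTML(html)
end
```

Anything the checker cannot parse cleanly (a self-closing tag, a `>` inside an attribute value, a bare `<` in text) is treated as invalid and escaped, so the failure mode is extra escaping rather than broken markup.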