Hi, i wan't to permit users to send their own content, text, html, and
stuff like that. It should also be permit them to send their own design,
using div, span, internal style attributes and so on. Obviously i'd like
to protect everything forbidding javascript, but permitting object and
embedded (for youtube, gvideo, etc).
From a previous post the suggestion was wonko/sanitize:
But i've not found time to try it yet.
Btw, my question now is another, how can i remove external links, but
keeping the text link and internal links?
I mean, if a user insert "<a href="http://externaldomain.com">my
site</a>" it should be sanitized to just "my site", instead if he insert
"<a href="http://domain.com">read this page</a>" it should keep it as it
is (domain.com is "whitelisted"). And it also should remove others like
mailto:, ftp:, etc (just keep http and https)
Any hint about this ? (considering the first lines about styles, and
which sanitezer to use)
thank you