Forum OpenACS Development: Re: Rich text input

Collapse
12: Re: Rich text input (response to 1)
Posted by Vadim Makarov on
For security reasons we only accept the submission of HTML containing the following tags:
B I P A LI OL UL EM BR TT STRONG BLOCKQUOTE CODE PRE FIRST_NAMES LAST_NAME EMAIL GROUP_NAME
You have a <form> tag in there.
- yeah, thanks. I'll try to describe it in words then. You can call your format options:
text
text with autolinks
HTML
and make text with autolinks default.

Note that you can't unambiguously detect URLs, because they may contain spaces (thanks to MS) if not for a bunch of other reasons.

To me, a mix of user-entered HTML and post-processing always screws something up, except in the simplest cases. I had to swear a lot at various forums that do that. It's better to leave HTML option intact, i.e. no post-processing on user input. If it's HTML, it's HTML, no strings attached (well, that seems to be already lost :).

Collapse
18: Re: Rich text input (response to 12)
Posted by Andrei Popov on
> Note that you can't unambiguously detect URLs, because they
> may contain spaces (thanks to MS) if not for a bunch of 
> other reasons.
Shouldn't all non-plain ASCII's be quoted? I.e. your http://www.somwhere.com/silly url.htm become http://www.somwhere.com/silly%20url.htm? After all, when one copy/pastes from address window it is likely to be formatted correctly. Otherwise it should be user's tough luck, I suppose.