
Strip tags vs. Escape tags, in Input Format

Which is safest to use?

Also, which will stop a forgetfully unclosed tag, such as <b>Forgetting to close bold tag or <table>Forgetting to close table tag, from affecting the WHOLE site?

Of course, I have assigned B tags and Table tags in 'Allowed HTML tags' and have the HTML filter switched on.

Comments

taking a stab

safest to use and safest for whom? depends on your level of paranoia and whether or not you trust your user community. don't trust? strip. if they can correct and are allowed to edit, escape. guessing "strip" is "safer".

there is an html corrector project in contrib that will be discontinued in v6 (due to inclusion in core) that you can investigate.

good luck!

Escaping (note: Escape all

Escaping (note: Escape all tags), which runs htmlspecialchars() on the text, is the safest, but also the most destructive, as no HTML tag will pass unscathed. Users will not be able to use <strong> or <em> for example.

HTML corrector is the way to go to correct unclosed tags. The filter will be built into Drupal 6.
--
The Manual | Troubleshooting FAQ | Tips for posting | How to report a security issue.
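
The options discussed in this thread, side by side on a constructed comment with an unclosed <b>. This is an added example, not code from the thread or from Drupal. close_open_tags() is a hypothetical helper that uses PHP's DOM extension as a stand-in for the HTML corrector, and the sample is assumed to be ASCII (loadHTML() needs an encoding hint for other input).

```php
<?php
// Constructed sample comment: an unclosed <b> followed by a tag that is not allowed.
$input = 'Nice post <b>thanks! <script>track()</script>';

// "Escape all tags": <, >, & and quotes become entities, so the browser shows
// the markup as literal text and no element can be left open.
$escaped = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');

// Strip every tag: markup is dropped, the text between tags (including the
// script body) stays behind as plain text.
$stripped = strip_tags($input);

// Strip all but an allow-list: <script> goes, but the unclosed <b> survives
// and would keep everything after the comment bold. strip_tags() also leaves
// the attributes of allowed tags untouched, so it is not an attribute filter.
$allowed = strip_tags($input, '<b><table>');

// Hypothetical helper (not Drupal's HTML corrector): parse the fragment inside
// a wrapper <div> and serialize its children, which closes any open elements.
function close_open_tags(string $html): string
{
    $previous = libxml_use_internal_errors(true); // unclosed tags raise parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<div>' . $html . '</div>', LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $out = '';
    foreach ($doc->documentElement->childNodes as $node) {
        $out .= $doc->saveHTML($node);
    }
    return $out;
}

$results = [
    'escaped'              => $escaped,
    'stripped'             => $stripped,
    'allow-list only'      => $allowed,
    'allow-list + balance' => close_open_tags($allowed),
];
foreach ($results as $label => $value) {
    echo str_pad($label, 22), $value, PHP_EOL;
}
```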
