On Mon, Nov 18, 2002 at 03:50:27AM -0800, Jimmy Wales wrote:
Brion Vibber wrote:
3) Allow HTML files to be uploaded, but attempt
to strip out javascript.
This could be annoying.
At first thought, this seems faily easy. Just replace all instances
of the word 'javascript' with 'java-script' in uploads?
There are probably reasons why this would suck, but it would be easy,
no?
Not so easy; javascript can be embedded in html tag properties. To
strip out all such javascript you would need a fullblown HTML parser.
That is why sites like slashdot and kuro5hin and others say "here is a
limited number of html tags you can use, nothing else", and those tags
are pure tags, such as <h2>, never tags with properties, like
<h2 align="center">
Hope this helps.
Jonathan
--
Geek House Productions, Ltd.
Providing Unix & Internet Contracting and Consulting,
QA Testing, Technical Documentation, Systems Design & Implementation,
General Programming, E-commerce, Web & Mail Services since 1998
Phone: 604-435-1205
Email: djw(a)reactor-core.org
Webpage:
http://reactor-core.org
Address: 2459 E 41st Ave, Vancouver, BC V5R2W2