Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 202
  • Last Modified:

Storing bullet lists in database but no other tags (especially javascript)

Hi

I have a website where the user wants to store some bullet pointed lists in the database

According to pages like this i can use rich text editors and they will store the html tags
http://www.kevinroth.com/rte/.

I am  a bit nervous as i always use striptags to get rid of html or code before it goes into the database
I could use striptags and allow lists? I appreciate this might remove any formatting they add so i might allow bold, italics and headers?

Is this 'safe'? Will is still keep javascript out?

Thanks experts
0
andieje
Asked:
andieje
  • 2
1 Solution
 
Ray PaseurCommented:
A quick look at the Kevin Roth site gives us this:
The Cross-Browser Rich Text Editor (RTE) is based on the designMode() functionality introduced in Internet Explorer 5, ...
Since IE5 is completely obsolete and unsupported by anyone any more, a more reasonable approach might be to learn about one of the modern textarea editors.  The two that are open-source and currently popular are TinyMCE (Used by WordPress) and CKEditor.  Once you dig into the internals of either of those packages you will quickly find ways to do almost everything you want with a rich text editor.

I have not used either in a few years, and technology is always advancing, but I know for sure that TinyMCE has the ability to restrict the types of tags that users can enter.  The docs for valid_elements and invalid_elements describe this.
0
 
andiejeAuthor Commented:
to summise - it should be possible with the right editor?
0
 
andiejeAuthor Commented:
thanks
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now