Solved

Storing bullet lists in database but no other tags  (especially javascript)

Posted on 2014-11-23
3
189 Views
Last Modified: 2014-12-09
Hi

I have a website where the user wants to store some bullet pointed lists in the database

According to pages like this i can use rich text editors and they will store the html tags
http://www.kevinroth.com/rte/.

I am  a bit nervous as i always use striptags to get rid of html or code before it goes into the database
I could use striptags and allow lists? I appreciate this might remove any formatting they add so i might allow bold, italics and headers?

Is this 'safe'? Will is still keep javascript out?

Thanks experts
0
Comment
Question by:andieje
  • 2
3 Comments
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
Comment Utility
A quick look at the Kevin Roth site gives us this:
The Cross-Browser Rich Text Editor (RTE) is based on the designMode() functionality introduced in Internet Explorer 5, ...
Since IE5 is completely obsolete and unsupported by anyone any more, a more reasonable approach might be to learn about one of the modern textarea editors.  The two that are open-source and currently popular are TinyMCE (Used by WordPress) and CKEditor.  Once you dig into the internals of either of those packages you will quickly find ways to do almost everything you want with a rich text editor.

I have not used either in a few years, and technology is always advancing, but I know for sure that TinyMCE has the ability to restrict the types of tags that users can enter.  The docs for valid_elements and invalid_elements describe this.
0
 

Author Comment

by:andieje
Comment Utility
to summise - it should be possible with the right editor?
0
 

Author Closing Comment

by:andieje
Comment Utility
thanks
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

Foreword In the years since this article was written, numerous hacking attacks have targeted password-protected web sites.  The storage of client passwords has become a subject of much discussion, some of it useful and some of it misguided.  Of cou…
Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now