Solved

Storing bullet lists in database but no other tags  (especially javascript)

Posted on 2014-11-23
3
197 Views
Last Modified: 2014-12-09
Hi

I have a website where the user wants to store some bullet pointed lists in the database

According to pages like this i can use rich text editors and they will store the html tags
http://www.kevinroth.com/rte/.

I am  a bit nervous as i always use striptags to get rid of html or code before it goes into the database
I could use striptags and allow lists? I appreciate this might remove any formatting they add so i might allow bold, italics and headers?

Is this 'safe'? Will is still keep javascript out?

Thanks experts
0
Comment
Question by:andieje
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 40460531
A quick look at the Kevin Roth site gives us this:
The Cross-Browser Rich Text Editor (RTE) is based on the designMode() functionality introduced in Internet Explorer 5, ...
Since IE5 is completely obsolete and unsupported by anyone any more, a more reasonable approach might be to learn about one of the modern textarea editors.  The two that are open-source and currently popular are TinyMCE (Used by WordPress) and CKEditor.  Once you dig into the internals of either of those packages you will quickly find ways to do almost everything you want with a rich text editor.

I have not used either in a few years, and technology is always advancing, but I know for sure that TinyMCE has the ability to restrict the types of tags that users can enter.  The docs for valid_elements and invalid_elements describe this.
0
 

Author Comment

by:andieje
ID: 40485709
to summise - it should be possible with the right editor?
0
 

Author Closing Comment

by:andieje
ID: 40489595
thanks
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Add a loading gif while php runs server side 15 65
Get value in session when using dynamic information 24 39
php subtract from date 2 28
MySQL programmer starter 25 22
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question