Just discussing this with some colleagues today and we got onto a marshalling data and it occured to us it would be nice to do something like <input type="text" name="something:html:p:br"> that would only allow p and br in the html. Ok, its easy to get around with a fake form, but how about being able to only specify certain html tags in metadata in the CMF.
You seem to be aware of the fact, but I'd like to point it out explicitely: from a security point of view, this is completely useless. As HTML stripping is often done for security reasons, I fail to see the interest in such a feature. (BTW the :required field is also completely useless for security, and because it's misleading for beginners I even think it's downright harmful). -- Florent -- Florent Guillaume, Nuxeo SARL (Paris, France) +33 1 40 33 79 10 http://nuxeo.com mailto:fg@nuxeo.com