8 Mar
2000
8 Mar
'00
1:05 p.m.
----- Original Message ----- From: Michel Pelletier <michel@digicool.com>
Graham Chiu wrote:
I wish to allow users to enter comments into my database which are then viewable thru the browser.
Is there a Zope function that I can pass their text thru to remove all HTML?
Nope. There may be some standard python library module that I don't know about, however. Otherwise, you will have to write your own.
On the other hand, if you tell the user up front that HTML tags are not allowed, you can simply html_quote the text. That will prevent any tags from rendering, and prevent normal uses of '<>&' characters from breaking anything. Cheers, Evan @ 4-am & digicool