Or, use something like w3m http://ei5nazha.yz.yamagata-u.ac.jp/~aito/w3m/eng/index.html to take the html and turn it into plaintext. Pop it into an external method something like the following, and it should do the trick: ---html2msg.py from popen2 import popen2 def html2msg(htmlstring): try: (r, w) = popen2('/usr/local/bin/w3m -dump -S -cols 70 -T "text/html"') w.write(htmlstring) w.close() s = r.read() r.close() return s except: return 'Error converting article to plaintext.' --- It's an ugly hack, and you lose things like <br> and <p>, so you may want to replace \n with <br> afterwards. It does, however, do a brilliant job layout-wise: tables and lists remain fairly well formatted, for example. hth, -- Marcus
-----Original Message----- From: Evan Simpson [mailto:evan@digicool.com] Sent: 08 March 2000 15:06 To: Michel Pelletier; Graham Chiu Cc: zope@zope.org Subject: Re: [Zope] Malicious HTML
----- Original Message ----- From: Michel Pelletier <michel@digicool.com>
Graham Chiu wrote:
I wish to allow users to enter comments into my database
which are then
viewable thru the browser.
Is there a Zope function that I can pass their text thru to remove all HTML?
Nope. There may be some standard python library module that I don't know about, however. Otherwise, you will have to write your own.
On the other hand, if you tell the user up front that HTML tags are not allowed, you can simply html_quote the text. That will prevent any tags from rendering, and prevent normal uses of '<>&' characters from breaking anything.
Cheers,
Evan @ 4-am & digicool
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
participants (1)
-
Marcus Collins