› February 23, 2003

Safe HTML

  • Reported by Nate

Simon has folded in the ability to add HTML to comments on his weblog, but he's not going to let you mess up his site or invalidate his code. Using a PHP-based XML parsing class, he validates each comment and limits the allowed tags and attributes. The implementation may be strict, but in a way it's quite liberating: you can sit there and code out all the paragraphs, blockquotes and list items you want, confident that if you forget to close a tag, a detailed report will outline what needs to be corrected. Check out the requirements he was working with and more details on the implementation at his post about it.
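The approach described above (strict XML parse, tag and attribute allowlist, error report back to the commenter) can be sketched as follows. This is an added example, not Simon's SafeHTMLChecker: it uses Python's expat binding rather than PHP, and the allowlist, the `href` scheme check and the name `check_comment` are assumptions made for illustration.

```python
from xml.parsers import expat

# Assumed allowlist for illustration; the post does not say which tags Simon permits.
ALLOWED = {"p": set(), "blockquote": set(), "ul": set(), "ol": set(),
           "li": set(), "em": set(), "strong": set(), "a": {"href"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")  # assumption, not from the post


def check_comment(markup):
    """Return a list of problems found in a comment; an empty list means accept."""
    problems, open_tags = [], []
    parser = expat.ParserCreate()

    def line():
        # The wrapper element occupies line 1, so subtract it from reported lines.
        return parser.CurrentLineNumber - 1

    def start(tag, attrs):
        open_tags.append((tag, line()))
        if len(open_tags) == 1:          # the wrapper itself, not user input
            return
        if tag not in ALLOWED:
            problems.append("line %d: <%s> is not an allowed tag" % (line(), tag))
            return
        for name, value in attrs.items():
            if name not in ALLOWED[tag]:
                problems.append("line %d: attribute %s is not allowed on <%s>"
                                % (line(), name, tag))
            elif name == "href" and not value.strip().lower().startswith(SAFE_SCHEMES):
                problems.append("line %d: href must be an http, https or mailto URL" % line())

    def end(tag):
        open_tags.pop()

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    try:
        # Wrapping in one root element lets a comment hold several top-level blocks.
        parser.Parse("<comment>\n" + markup + "\n</comment>", True)
    except expat.ExpatError as err:
        # Not well-formed: report the parser's reason and the innermost open tag.
        msg = "line %d: %s" % (err.lineno - 1, expat.ErrorString(err.code))
        if len(open_tags) > 1:
            msg += "; <%s> opened on line %d is not closed" % open_tags[-1]
        problems.append(msg)
    return problems
```

Because the comment is rejected rather than repaired, whatever is stored is exactly what the commenter wrote and the parser accepted, so no rewritten markup has to be trusted.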

Comments

1. February 24, 2003 09:21 AM

Joshua Kaufman Posted…

Note, for those of you using Movable Type, maintaining control over what tags people use in comments is possible using Sanitize, Brad Choate's plugin which is now wrapped into MT. Also, Validable is an MT plugin that "corrects many of the most common 'invalid' constructs" by applying simple changes to the HTML. It could serve as another alternative to those who don't or can't use Simon's SafeHTMLChecker.

2. February 24, 2003 11:43 AM

Nate Posted…

Joshua, thanks for the tip! Both of those solutions look great, but they lack the reporting that Simon's SafeHTML outputs. I wonder how difficult it would be to fold Simon's class into an MT site. Surely if one knows what they are doing it wouldn't be difficult?