[pLog-svn] blog comment (fwd)
Oscar Renalias
oscar at renalias.net
Sun Jul 16 21:08:25 GMT 2006
We're already doing it.
This is from class/action/addcommentaction.class.php:
$this->_commentText = trim($this->_request->getValue
( "commentText" ));
...
$this->_commentText = $tf->xhtmlize($tf->filterHTML
( $this->_commentText ));
the method Textfilter::xhtmlize() uses kses, so perhaps there is
something that kses isn't catching.
On 17 Jul 2006, at 00:03, Jon Daley wrote:
> I was thinking that we could do the same kses stuff that we do for
> posts, if the user selects that option.
>
> On Sun, 16 Jul 2006, Oscar Renalias wrote:
>
>>>
>>> So, all that to say, what should happen when the blog
>>> owner, or
>>> comment poster paste invalid html?
>>
>> It's hard to say, but currently it will probably break.
>>
>> The only option would be to write an HTML parser (the kses class gets
>> quite close to that) or use the 'tidy' extension in PHP5 if
>> available.
>> _______________________________________________
>> pLog-svn mailing list
>> pLog-svn at devel.lifetype.net
>> http://devel.lifetype.net/mailman/listinfo/plog-svn
>>
>
> --
> Jon Daley
> http://jon.limedaley.com/
>
> The most wasted of all days is one without laughter.
> -- e. e. cummings
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://devel.lifetype.net/mailman/listinfo/plog-svn
>
More information about the pLog-svn
mailing list