Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
html tag
thetryr
New
can i know the list of html tags that allowed to post?
Or maybe the allowed tags if posible.
0
Answers
Under comment textarea in your forum is a link. Says simple html etc click it.
There was an error rendering this rich post.
the Markdown link? I cant found that. Can u please paste the link u meant
http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s3.3
grep is your friend.
btw some of those are explicitly disallowed
*-applet-form-input-textarea-iframe-script-stylegrep is your friend.
thanks so much. It helped me.
for security reason i prefer to strip_tags and just allow the the ordinary bold,italic, etc
Well then you could use BBCode formatter. Or you can create your ow white list for htmlLawed.
I understand why you would think like that but honestly the situation is not as bad as you think.
Honestly though the security concern is stuff using styling to misdirect. One solution I've used is to ban style attribute, and then have a white list of approved classes.
forms-inputs,etc are explicitly banned, so it is not like you could create a fake logon form. You probably want to stop positioning techniques like negative margin.
there is no srcipting allowed.
grep is your friend.
htmlawed seem to be better.
I'll learn more about htmlawed. Many thanks again
You can do what you want with htmLawed, read their docs for info.
If tags are malformed, it spits out reasonable, parsable markup.
Anyway it quite nice to at least give you user the option of doing other things like tables, lists, etc. Not every know, but it allows people to
O do understand those that don't want random colours, but HtmLawed can make it easier to be spefic about stuff like that.
Although it could be easier to just to style the comment class with baground-color, border-color, outline-color,background-image set with !important, and that will overrule poor taste.
There is a certain amount to be said for just firefighting when somebody has made a total mess. Because you are goign to get some nice original content too.
grep is your friend.
If you go the approved classes route, you need to adapt any wysiwyg editor to use the classes rather then style attributes.
grep is your friend.