storing / filtering / retrieving HTML tags in user forum, etc

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

I used to use a technique where I changed all "<>" to "[]" when I
stored user-created HTML data from a user post into a database.  When
I displayed it I could change only the tags I wanted back to "<>".  By
rewriting the 'unsanctioned' tags the author's intent would be
visible, if not the content.  Also, this is a guaranteed safe display
technique that preserves the original post.

However, on the site I am working on there might be a million viewers
a day, and that means considerably more processing time.  If I pre-
filter the post before storing I might save 200-2000 filtering
operations, which is considerable.  On a broadcast message I send to
every user the number is in the millions.

I am nearly convinced I will store safe HTML in the database, pre-
filtering and maintaining strict rules about tag acceptability.

Is there a consensus or a forum for discussing the merits of storing
and displaying user-created HTML content?

-- clh

Site Timeline