April 24, 2007, 6:25 pm
I used to use a technique where I changed all "<>" to "" when I
stored user-created HTML data from a user post into a database. When
I displayed it I could change only the tags I wanted back to "<>". By
rewriting the 'unsanctioned' tags the author's intent would be
visible, if not the content. Also, this is a guaranteed safe display
technique that preserves the original post.
However, on the site I am working on there might be a million viewers
a day, and that means considerably more processing time. If I pre-
filter the post before storing I might save 200-2000 filtering
operations, which is considerable. On a broadcast message I send to
every user the number is in the millions.
I am nearly convinced I will store safe HTML in the database, pre-
filtering and maintaining strict rules about tag acceptability.
Is there a consensus or a forum for discussing the merits of storing
and displaying user-created HTML content?
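An added example, not part of the original post: the escape-everything-then-restore approach the post describes, in Python, with the filtering done once at write time and the original text kept alongside the filtered copy. The allowlist contents, the no-attributes rule and all function names are assumptions made for illustration.

```python
import html
import re

# Assumption: tags allowed back in, with no attributes at all (hypothetical allowlist).
ALLOWED_TAGS = frozenset({"b", "i", "em", "strong", "p", "br", "ul", "ol", "li"})

# An escaped bare tag: &lt;b&gt;, &lt;/b&gt;, &lt;br/&gt;. Anything carrying
# attributes (onclick=, href=, style=) does not match and stays escaped.
_ESCAPED_TAG = re.compile(r"&lt;(/?)([A-Za-z][A-Za-z0-9]*)\s*(/?)&gt;")


def escape_all(raw: str) -> str:
    """Neutralise every tag, quote and ampersand in the user's post."""
    return html.escape(raw, quote=True)


def restore_allowed(escaped: str) -> str:
    """Turn only allowlisted bare tags back into markup."""
    def _restore(m):
        closing, name, self_closing = m.group(1), m.group(2).lower(), m.group(3)
        if name not in ALLOWED_TAGS or (closing and self_closing):
            return m.group(0)  # unsanctioned: leave visible as text
        return f"<{closing}{name}{self_closing}>"
    return _ESCAPED_TAG.sub(_restore, escaped)


def render(raw: str) -> str:
    """Display form of a post: fully escaped, then allowlisted tags restored."""
    return restore_allowed(escape_all(raw))


def prepare_for_storage(raw: str) -> dict:
    """Filter once at write time; keep the original so rules can change later."""
    return {"original": raw, "display_html": render(raw)}


if __name__ == "__main__":
    # Constructed sample post.
    post = '<b>Hi</b> <script>alert(1)</script> <i onclick="x()">y</i><BR/>'
    print(prepare_for_storage(post)["display_html"])
```

Tag balancing is not checked here, so an unclosed allowlisted tag in one post can still affect the markup that follows it on the page.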