by egeozcan
1465 days ago
> Sanitize when rendering the HTML, all other paths lead to hell

I didn't mean mangle user input when storing. I mean you can do that if you want to parse it and store it as a semantic subset to deliver to the devices that can't render HTML (yes they exist), but I digress. You can sanitize any piece of HTML to a meaningful subset when rendering (well, before render, if you are doing it on the server side) with virtually any language by choosing among many solid libraries.