[Opensource] URL linking in text-field output?
larry hamel
expresso at codeguild.com
Wed May 7 16:42:37 PDT 2003
Hi,
While we are conscious of the threat of Cross site scripting (XSS http://www.cgisecurity.com/articles/xss-faq.shtml ), our particular user base is tightly regulated, and we wish to parse input in order to hyperlink text entries which contain strings like http:// or www. in other words, if you type in some text and include a URL in it, the resulting displayed text, after you submit your entry, would show up in a browser with an underline under the URL, for easy linking. This is similar to the way many mailers handle URLs in received e-mail.
Has anyone done this already? If so, can you post it? Would it be a good, optional addition to the framework?
Since Expresso already parses the "<" symbol from the output, Expresso already disables URLs that have some reference to JavaScript in them.
Larry
More information about the Opensource
mailing list