[Opensource] URL linking in text-field output?
Michael Rimov
rimovm at centercomp.com
Wed May 7 20:02:48 PDT 2003
At 04:42 PM 5/7/2003 -0700, you wrote:
>Hi,
>
>While we are conscious of the threat of Cross site scripting (XSS
>http://www.cgisecurity.com/articles/xss-faq.shtml ), our particular user
>base is tightly regulated, and we wish to parse input in order to
>hyperlink text entries which contain strings like http:// or www. In
>other words, if you type in some text and include a URL in it, the
>resulting displayed text, after you submit your entry, would show up in a
>browser with an underline under the URL, for easy linking. This is
>similar to the way many mailers handle URLs in received e-mail.
>
>Has anyone done this already? If so, can you post it? Would it be a good,
>optional addition to the framework?
>
>Since Expresso already parses the "<" symbol from the output, Expresso
>already disables URLs that have some reference to JavaScript in them.
>
>Larry
How about using ANTLR? They already have a couple of HTML grammars.
http://www.antlr.org/resources.html
The cool thing about it is that since it is full parsing, you could
explicitly allow through the things you want to allow, discard the things
you don't.
-Mike