[PHPTAL] How To Prevent HTML escaping
Joshua Paine
lists at fairsky.us
Thu Apr 13 12:38:21 CEST 2006
<div tal:content="structure my/safe/string"></div>
or if you hook up textile as a phptal_tales operator you can do:
<div tal:content="structure textile:safe/string/directly/from/db"></div>
But remember that it is possible for users to ignore the textile format
and type HTML directly into textile, so unless you strip tags or really
trust your users, running it through textile doesn't actually make it safe.
--
Joshua Paine
Chief Tower Builder
LetterBlock Software
http://letterblock.com/
More information about the PHPTAL
mailing list