Thursday, December 2, 2010

Safe Html check?

I like the new SafeHtml functionality.
However, how can I best check if a string that I inject in a div
(example: HTML.setHTML(html)) contains script?

I now have made simple checks, like checking for the <script (<SCRIPT)
tag, but that's very fragil and little as you also have the click
events that can be set on an element, etc...

The SafeHtml code escapes all the html tags, which I don't want. i
only want it to escape the "dangerous" piece of texts. How to do this?

--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.

No comments:

Post a Comment