Yeah, I might take a look at the blog templates and see how they do it. Although I'd be surprised if the comments area on them is a rich text field. And there's no need to do it on the blog documents as you wouldn't expect the blog owner to hack themselves.
Tufty. The editors do allow you to strip out nasty HTML, but any junior hacker would know how to turn this off, if they didn't just disable the editor in the first place. The filtering has to happen server-side.
Jake
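
The server-side filtering the post above calls for, as an added example that is not part of the original thread and not the blog template's own code: a Python standard-library allowlist sanitizer that rebuilds the comment from permitted tags only. The tag list, scheme list and the names `clean_href`, `CommentSanitizer` and `sanitize_comment` are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for illustration: adjust to what the comment field should allow.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "a", "blockquote"}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object"}  # discard tag and its body
SAFE_SCHEMES = {"http", "https", "mailto"}

def clean_href(href):
    """Return the href if it carries an explicit safe scheme, else None."""
    cleaned = "".join(ch for ch in href if ch > " ")  # browsers ignore tabs/newlines here
    scheme, sep, _ = cleaned.partition(":")
    return cleaned if sep and scheme.lower() in SAFE_SCHEMES else None

class CommentSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open, self.skip_depth = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif not self.skip_depth and tag in ALLOWED_TAGS:
            extra = ""  # every attribute (onclick, style, ...) is dropped except a vetted href
            href = clean_href(dict(attrs).get("href") or "") if tag == "a" else None
            if href:
                extra = ' href="%s" rel="nofollow noopener"' % escape(href, quote=True)
            self.out.append("<%s%s>" % (tag, extra))
            if tag != "br":
                self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in self.open:
            while self.open:  # close back to the matching opener so output stays balanced
                closed = self.open.pop()
                self.out.append("</%s>" % closed)
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))  # text is always re-encoded

def sanitize_comment(submitted_html):
    """Run on the server for every submission, whatever the client-side editor did."""
    parser = CommentSanitizer()
    parser.feed(submitted_html)
    parser.close()
    while parser.open:  # close anything the submitter left open
        parser.out.append("</%s>" % parser.open.pop())
    return "".join(parser.out)
```

Because the output is assembled only from allowlisted tags and re-escaped text, anything the parser does not recognise is dropped rather than passed through.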