
You are replying to:

    • mark
    • Posted on Thu 8 Nov 2007 10:28 AM

    There are lots of ways to encode a < character (see below) - which means there are a similar number of ways to encode _every_ character. Also - some browsers accept keywords like Javascript when they contain other characters such as line feed. As you noted in another thread // will be interpreted as {Link} in some circumstances. So pattern matching can be very, very difficult.

    At the same time I don't want to limit the vast majority of our users who just want to provide interesting looking material, including embedding movies & flash on occasion.

    Something I've been doing recently is aggressive removal of suspicious characters from short text fields and forcing documents with suspicious textarea fields to remain in draft mode until they're no longer suspicious - obviously that only works if the application has a draft mode for submissions. The checking is done in formula language in field translation events.

    There is one thing that's very important to watch out for but I don't really want to explain that in detail here!

    Codes for < - not sure what this will look like when submitted...

    "<": "%3C": "x3c": "x3C": "u003c": "u003C"
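A defender-side sketch of the canonicalize-then-check approach the comment describes, as an added example rather than mark's own code: the original check ran as formula language in field translation events, so the Python, the function names and the constructed list of encoded forms are all assumptions.

```python
import html
import re
from urllib.parse import unquote

# Constructed samples of an encoded "<" (the comment's own list was flattened
# on extraction; these particular forms are assumptions, not the author's list).
ENCODED_LT = ["<", "&lt;", "&LT;", "&#60;", "&#0000060;", "&#x3c;", "&#X3C;",
              "%3C", "%3c", "%253C", "\\x3c", "\\u003C"]

_JS_ESCAPE = re.compile(r"\\(?:x([0-9a-fA-F]{2})|u([0-9a-fA-F]{4}))")
_MARKUP_CHARS = re.compile(r"[<>\"']")


def canonicalize(text: str, max_rounds: int = 5) -> str:
    """Undo HTML entities, percent-encoding and JS \\x/\\u escapes repeatedly
    until the string stops changing (handles double-encoding such as %253C),
    so every spelling of a character collapses to one form before matching."""
    for _ in range(max_rounds):
        before = text
        text = html.unescape(text)
        text = unquote(text)
        text = _JS_ESCAPE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), text)
        if text == before:
            break
    return text


def is_suspicious(text: str) -> bool:
    """True when the canonical form contains markup characters, or the
    javascript: keyword once embedded whitespace (e.g. a line feed that some
    browsers tolerate inside the keyword) is removed."""
    canon = canonicalize(text)
    if _MARKUP_CHARS.search(canon):
        return True
    return "javascript:" in re.sub(r"\s+", "", canon).lower()


def screen_short_field(text: str) -> str:
    """Short text field: canonicalize, then strip markup characters outright."""
    return _MARKUP_CHARS.sub("", canonicalize(text))


def screen_textarea(text: str, requested_status: str) -> str:
    """Textarea: leave the content alone but hold the document in 'draft'
    while the field is suspicious; otherwise keep the requested status."""
    return "draft" if is_suspicious(text) else requested_status
```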
