Re: [Php-calendar-discussion] adding Pictures or HTML to event posting
From: Gabriel H. <ga...@ga...> - 2009-05-30 12:59:02
2009/5/29 Sean Proctor <spr...@gm...>

> Hi,
>
> I'm real sorry about being so quiet for such a long time. I have 2 points
> to this email.
>
> 1. Does anyone have a good idea of how to allow HTML in posts that prevents
> XSS attacks? I don't personally feel like writing a custom parser for it.
> I'd love to help someone else, or adapt some existing code if someone has a
> suggestion.

I'd err on the side of caution and take the approach of the forums and only allow basic formatting using custom tags, but if you want full HTML I'm sure it would be okay to simply reject any submission which has the script tag and maybe one or two others (can't think what they'd be right now).

> 2. I've quietly been working on some pretty massive improvements. This is
> going to be a 2 or 3 stage process. The multiple calendar aspect is greatly
> expanded on. There are a few issues left to be resolved here, but nothing
> major. I added permissions for users to individual calendars, global admins,
> calendar admins. The admin options are expanded, but I need to finish off a
> few things. Also, I added a file to embed in another framework. Work left to
> do is update the installer, create an update script if necessary, and finish
> the few minor parts left. The updater might not be able to fully encompass
> everything and I'm not really into creating since I won't be using it. If
> anyone feels like taking on that task, I would love to help. Also, PHP 5.0+
> is now required and MySQL 4.1+. I dropped support for other DB's because I
> don't use them and I don't want to try to support them in an untested way
> until someone actually needs support for a different DB.

I've finally decided to move over to Google for my calendar. I've not transferred all my info from my php-calendar yet, so I may look at a Google API to allow it to be displayed as a separate calendar. Has anyone else done this?

Gabriel
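
The forum-style custom-tag approach mentioned in the reply above, sketched in PHP as an added example (not code from this thread or from PHP-Calendar). The function name `render_event_text()`, the tag set and the sample input are assumptions made for illustration; the point is that everything is escaped first and only a fixed set of tags is turned back into markup.

```php
<?php
// Added example: forum-style custom tags for event descriptions.
// render_event_text() is a hypothetical helper, not part of PHP-Calendar.

function render_event_text(string $raw): string
{
    // 1. Escape everything first, so no user-supplied HTML survives.
    $out = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');

    // 2. Re-introduce a fixed set of formatting tags that take no attributes.
    foreach (['b' => 'strong', 'i' => 'em', 'u' => 'u'] as $tag => $html) {
        $out = preg_replace(
            '#\[' . $tag . '\](.*?)\[/' . $tag . '\]#is',
            "<$html>$1</$html>",
            $out
        );
    }

    // 3. Links: only absolute http(s) URLs; anything else stays as plain text.
    $out = preg_replace_callback(
        '#\[url=(.*?)\](.*?)\[/url\]#is',
        function (array $m): string {
            // $m[1] was escaped in step 1; decode it only to inspect the scheme.
            $url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
            $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
            if (!in_array($scheme, ['http', 'https'], true)) {
                return $m[0]; // leave the tag visible and unlinked
            }
            return '<a href="' . $m[1] . '" rel="nofollow noopener">'
                . $m[2] . '</a>';
        },
        $out
    );

    // 4. Keep the author's line breaks.
    return nl2br($out);
}

// Constructed sample input (not taken from the thread).
$sample = "[b]Club picnic[/b] at the park <script>alert(1)</script>\n"
    . "[url=https://example.org/map?a=1&b=2]Map[/url] "
    . "[url=javascript:alert(1)]bad link[/url]";

echo render_event_text($sample), "\n";
```

Because the output is built only from escaped text plus the tags generated in steps 2 and 3, the set of tags and attributes that can reach the browser is fixed by this function rather than by what the submitter typed.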