How do I switch between allowing 1 type of content or another? you need to limit it to layout/style tags?
I would like to know how it is done. I use asp.net
I read this in a post but there was no elaboration on it. Id like some clarification:
There's no general validation mechanism, it all depends on what you are using it for. If you want HTML editor for blog/forum posts, you need to limit it to layout/style tags (<p>, <b>, <div>, etc). If you want a blog editor, you want the entire HTML to be accepted as is, except script or server tags, but you want to make sure the submitted is authorized properly. If you want a CMS system, pretty much everything should be accepted, but in this case you really have to make sure the submitter is authorized properly - allowing unauthorized person to submit server code (ASP/PHP tags etc) will cost you a server.
I would like to know how it is done. I use asp.net
I read this in a post but there was no elaboration on it. Id like some clarification:
There's no general validation mechanism, it all depends on what you are using it for. If you want HTML editor for blog/forum posts, you need to limit it to layout/style tags (<p>, <b>, <div>, etc). If you want a blog editor, you want the entire HTML to be accepted as is, except script or server tags, but you want to make sure the submitted is authorized properly. If you want a CMS system, pretty much everything should be accepted, but in this case you really have to make sure the submitter is authorized properly - allowing unauthorized person to submit server code (ASP/PHP tags etc) will cost you a server.