So I have some user generated content areas of my site. I want them to be able to use html for markup purposes, but I don't want them to be able to execute any arbitrary javascript.
From my understanding raw() will just output everything, html, javascript, and all right into the webpage.
Is there a method that will allow raw rendering of html but not allow rendering of javascript?
Have a look at sanitize
.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.