
Thread: RE: Scrubbing user inputs




RE: Scrubbing user inputs
2008-07-19 08:15:22
This may be way out ... I have been trying to use the text filter option in Oracle Text using data stored in a BLOB (actually any data file that is loaded into the BLOB). The HTML gets removed for the most part and also the extra stuff from MS-Word. What does not get removed is the formatting when the document is in WordPad and saved as rich text.


Regards
Amin Adatia
KnowTech Solutions Inc ( www.knowtech.ca )
(613) 226-8378 Mobile (613) 864-8378


> Date: Fri, 18 Jul 2008 17:30:34 -0800
> To: ODTUG-WEBDEV-Lfatcity.com
> From: Suzanne.Michellenyct.com
> Subject: RE: Scrubbing user inputs
>
> I am very interested in this problem, because eventually I will face it
> too ... users cutting / pasting from MS Word ... what about some sort of
> LOB type field? what if users want their formatting preserved? what
> about some sort of convert to RTF type data first? (and telling users
> they will not be allowed to paste from Word [<hah> my editorial self
> says, they'll like THAT] ... but must first save their data as rich
> text)
>
> Suzanne ( 2Bwy A13.32)
> desk: 646-252-8663, cell: 347-907-1125
>
> -----Original Message-----
> John Caputo
> Sent: Friday, July 18, 2008 8:51 PM
> To: Multiple recipients of list ODTUG-WEBDEV-L
>
> The problem here is the text pasted from MS Word IS NOT pure text. It is
> binary as well as text. On the upload, it goes in the DB fine. When
> retrieved and sent to HTML, it barfs on the binary stuff embedded within
> the MS Word content. You can scrub all the binary stuff you don't want,
> but the user might not be happy. The way MS word creates the bullet is
> binary. So the scrubbed text will lose the bullets.
>
> John Caputo
> johnjcsurewest.net
>
>
> ---- Original message ----
> >Date: Fri, 18 Jul 2008 14:55:28 -0800
> >From: "Raymond De Bruyn" <rdebruynsympatico.ca>
> >Subject: RE: Scrubbing user inputs
> >To: Multiple recipients of list ODTUG-WEBDEV-L
> ><ODTUG-WEBDEV-Lfatcity.com>
> >
> > It's hard to tell what's happening without code, but I assume you are
> > getting a successful post and are failing on the redirect. I work in
> > PLSQL Web Toolkit every day and my code for submit is typically:
> >
> > initialize
> >
> > perform dml operations
> >
> > owa_util.redirect_url
> >
> > If this is what you're doing try commenting out the
> > owa_util.redirect_url and just do an htp.p of the url you've built.
> > Run the form with a pasted value you've identified as causing the
> > error. Then look at the url provided.
> >
> > At one point we had a form that echoed all parameters back to the
> > original form when the dml failed. It worked ok unless the user added
> > too much text to the comments field. The URL built was too long and
> > failed. It seems you can go to about 1500 characters before the URL
> > fails.
> >
> > Since you had a PLSQL error, you may be doing an encode URL that's
> > throwing the error.
> >
> > Hope this helps,
> > Ray
> >
> >
> > ----------------------------------------------------------------------------
> >
> > Hello all,
> >
> > I've built a simple html form using the pl/sql web toolkit that has a
> > place for the user to include comments.
> >
> > It's been in production for months if not years.
> >
> > Recently, we've experienced errors related to the content of the
> > comments and I've traced it to users cutting and pasting content from
> > MS Word directly into the web form comments field.
> >
> > Even that is fine except for when the user attempts to paste in
> > bullets.
> >
> > I'll have to handle this on the client-side. Any ideas?
> >
> > Regards,
> >
> > Monty
> >
> > --
> > For more information on this topic or to become a member, visit our
> > Web site at http://www.ODTUG.com
> >
> > Join ODTUG for The PL/SQL and The APEX Expert Gathering of the Year!
> > OPP2008 and APEXposed! 2008 will be held on October 29-30, 2008 at
> > the Wyndham O'Hare, Chicago. Visit www.odtugopp.com or
> > www.odtugapextraining.com for more details.
> > --
> > Author: Raymond De Bruyn
> > INET: rdebruynsympatico.ca
> >
> > Fat City Hosting, San Diego, California -- http://www.fatcity.com
> > ---------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an E-Mail message to:
> > ListGurufatcity.com (note EXACT spelling of 'ListGuru') and in the
> > message BODY, include a line containing: UNSUB ODTUG-WEBDEV-L (or the
> > name of mailing list you want to be removed from). You may also send
> > the HELP command for other information (like subscribing).
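
The client-side scrubbing and the redirect-length problem discussed in this thread, as an added example that is not part of any poster's message or code. It assumes the offending content is Word's typographic characters (bullets, curly quotes, dashes) plus stray control characters, and it replaces bullets with `*` rather than dropping them. The names `scrubWordPaste`, `buildRedirect` and `WORD_CHARS` are hypothetical, and the 1500 limit is the approximate figure from Ray's message.

```javascript
// Added example, not code from the thread. Assumption: the troublesome
// content is Word's typographic characters plus stray control characters.
const WORD_CHARS = new Map([
  ["\u2018", "'"], ["\u2019", "'"], ["\u201C", '"'], ["\u201D", '"'],
  ["\u2013", "-"], ["\u2014", "--"], ["\u2026", "..."], ["\u00A0", " "],
  // Bullets: U+2022, middle dot, and U+F0B7 (Symbol-font bullet).
  ["\u2022", "*"], ["\u00B7", "*"], ["\uF0B7", "*"],
]);

// Returns the scrubbed text plus the code points that were dropped, so the
// form can tell the user what was removed instead of failing later.
function scrubWordPaste(text, allowNonAscii = false) {
  let out = "";
  const removed = [];
  for (const ch of String(text).replace(/\r\n?/g, "\n")) {
    const cp = ch.codePointAt(0);
    const control = cp < 0x20 || (cp >= 0x7f && cp <= 0x9f);
    const privateUse = cp >= 0xe000 && cp <= 0xf8ff;
    if (WORD_CHARS.has(ch)) {
      out += WORD_CHARS.get(ch); // keep the meaning, e.g. bullet -> "*"
    } else if (ch === "\n" || ch === "\t") {
      out += ch;
    } else if (!control && !privateUse && (cp <= 0x7e || allowNonAscii)) {
      out += ch;
    } else {
      removed.push("U+" + cp.toString(16).toUpperCase().padStart(4, "0"));
    }
  }
  return { text: out, removed };
}

const URL_LIMIT = 1500; // approximate figure quoted in the thread

// Builds the redirect URL the way an echo-back form would and reports its
// encoded length; a single bullet grows to 9 characters once URL-encoded.
function buildRedirect(base, params, limit = URL_LIMIT) {
  const query = Object.entries(params)
    .map(([k, v]) => encodeURIComponent(k) + "=" + encodeURIComponent(v))
    .join("&");
  const url = query ? base + "?" + query : base;
  return { url, length: url.length, tooLong: url.length > limit };
}

// Constructed sample: a Word-style bulleted paste with a stray BEL character.
const sample = scrubWordPaste("\u2022 One\r\n\u2022 \u201CTwo\u201D\u0007");
console.log(JSON.stringify(sample));
```

Scrubbing in the browser only improves what the user sees; the PL/SQL handler still has to apply the same rule or reject the input, because a request need not come from the form.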