DOCTYPE Problem

Forum Moderators: open

Message Too Old, No Replies

DOCTYPE Problem

TravelSite

9:49 am on Jul 1, 2005 (gmt 0)

One of my more dynamic sites allows users to enter html content themselves (in certain parts of the page). This unfortunetly makes selecting a page DOCTYPE slightly more complicated!

Does anyone have suggestions as to the best DOCTYPE to use in this type of situation?

collymellon

10:08 am on Jul 1, 2005 (gmt 0)

I think this depends on the extent they are going to edit the HTML.

Using the most common doc types you shouldn't have problems so long as they are using basic HTML coding

Robin_reala

12:51 pm on Jul 1, 2005 (gmt 0)

The ideal solution to this is to validate the HTML the users enter on the server before it gets pushed live. There are packages that'll do this for you, although it's not an area I've looked into before.

The alternative is to use something like markdown [daringfireball.net] to abstract your page code from the code they enter.

g1smd

1:10 pm on Jul 1, 2005 (gmt 0)

I would go for HTML 4.01 Transitional at the least.

TravelSite

1:20 pm on Jul 1, 2005 (gmt 0)

- That's what I was trying to aim for at the moment.

Robins ideal about validating sounds good. I'll have a look at markdown as well.

Many thanks everyone :)

rocknbil

6:10 pm on Jul 1, 2005 (gmt 0)

Not a problem at all. If your users are entering HTML, you have a server-side function allowing a list of acceptable tags.

If you don't do this, users can add all sorts of nasty things, like <object> tags pointing to their custom-made ActiveX object, used to violate security (for example.)

Falls back to the same security issue, screen your input and accept only valid stuff, throw everything else away, including deprecated (font/center!) tags. At the very least, your system should include a series of tools to add correct markup where required (span instead of font, for example) and selections for markup style from your style sheet.

encyclo

6:26 pm on Jul 1, 2005 (gmt 0)

rocknbil is quite right about the problem of accepting raw HTML from third-parties - you must sanitize the input and strip out anything dangerous. Rather than reinventing the wheel, using abstaction layers like Markdown, BBcode or Textile is a good option as well.

For the doctype, HTML 4.01 Transitional is the most flexible one around, so it is ideal for this kind of thing:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

It may well be impossible to ensure 100% validation due to the user input, but if your basic templates validate and you check incoming markup you should be safe.

g1smd

7:39 pm on Jul 1, 2005 (gmt 0)

I always try to make pages out of headings, paragraphs, lists, tables and forms, with CSS in an external stylesheet, and classes only on blocks that are going to be styled differently to the rest of the page (e.g. footer paragraph).

I avoid <font> tags, and I also avoid the multiple-nested-div hell that many people seem to favour.

DOCTYPE Problem

TravelSite

collymellon

Robin_reala

g1smd

TravelSite

rocknbil

encyclo

g1smd

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week