Posted by Hugo <Nabble> on Nov 15, 2011; 3:02am
URL: https://support.nabble.com/G-S-etting-arbitrary-properties-on-user-nodes-is-this-safe-tp6979544p6994998.html

DavidJCobb wrote

how would I go about applying the same HTML processing to these custom properties as that applied to posts? I.e. stripping out SCRIPT tags and the like, while permitting most HTML code? I found process_message_html and the related macros, but I can't get them to work for anything that isn't specifically a message or signature.

We just added a new command to make this possible. The name of the command is "to_html_list" and can be used like this:

<n.to_html_list. text="[n.my_text/]">
	<n.process_message_html/>
</n.to_html_list.>

my_text is your text to be processed. Here is a sample macro with hardcoded text:

<macro name="my_text">
   aaa
   <b>bbb</b>
   ccc
   <script>var i;</script>
   ddd
   <a href="#">link</a>
</macro>

And the result is:

aaa
<b>bbb</b>
ccc
&lt;script&gt;var i;&lt;/script&gt;
ddd
<a href="#" target="_top" rel="nofollow" link="external">link</a>

Please let me know if you have questions.