Event description sanitization
|Reported by:||pferreir||Owned by:|
Since we are using HTML in the description fields, we have to escape it when we present i.e. search results. The result is not always nice, as people often need markup.
There are several solutions here (and the final one might be the combination of them):
- Whitelist a restricted set of HTML tags and render them in the output;
- Render the output as plain text (if not for the web interface, it could be useful for the iCal/RSS part);
- Just remove HTML;