将使用 javascript 文本编辑器编写的 html 文本输入存储到我的数据库中是否安全且常规?
假设我正在使用 ckeditor 让用户在我的应用程序中输入他们的文章。文章从客户端查看时看起来还不错,但是从数据库中查询时,就太乱了。
例如,文本正文将存储如下:
<p class="MsoListParagraph" style="margin-left:56.0pt;mso-para-margin-left:0gd;
text-indent:-18.0pt;mso-list:l3 level1 lfo1"><!--[if !supportLists]--><span lang="EN-US" style="font-size: 12pt; font-family: 'Times New Roman';">-<span style="font-size: 12pt; line-height: normal;">
</span></span><!--[endif]--><span lang="EN-US" style="font-size: 12pt; font-family: 'Times New Roman';">Natural selection is a process that individuals
have some heritable characteristics to survive and reproduce at a higher rate
compare to other individuals. Natural selection increases the match between
organisms and environments. Furthermore, as an environment changes or
individuals move to a new place, natural selection may effect of adaptation to
these new conditions by giving rise to new species in the process. Natural
selection can only increase or decrease heritable traits. <u><o:p></o:p></u></span></p>
然后身体被渲染为@article.body.html_safe
有没有更好的方法来处理这个问题?