Markdown doesn't always generate XHTML

Waylan Limberg waylan at gmail.com
Fri Mar 14 16:38:23 EDT 2008


On Fri, Mar 14, 2008 at 3:20 PM, Joseph Lorenzo Hall <joehall at gmail.com> wrote:

> On Fri, Mar 14, 2008 at 12:11 PM, Milian Wolff <mail at milianw.de> wrote:

> > >

> > > I have two issues with this:

> > > 1. The script tag isn't closed, which means it's not valid XML (and thus

> > > not valid XHTML).

> >

> > This is a bug in my eyes.

>

> Is it markdown's business to correct bad markup input (which, I

> understand, it ignores)?

>

Right, raw html (or anything which looks like html - pretty much
anything between < and >) is simply passed through unchanged. If the
input is not valid, then the output will not be either. That is known
and expected behavior. I'd say a feature! Definitely NOT a bug.

Now, if you want to put your own mechanisms in place to address that,
either before or after markdown is run, you are more than welcome to
do so.

Regarding the security issues, I understand your concerns, but there
are some situations were all document authors are trusted
(authenticated) users and have a legitimate need for that feature. We
can't cut them off for everyone else. However, I know that
Python-Markdown has an option to not allow any html in a document
(this "safe_mode" can be set to either replace with a customizable
message, remove completely, or escape the html). Of course, to stay in
line with the Markdown standard, it is off by default, but very easy
to turn on in your code. Other implementations may offer a similar
option.



--
----
Waylan Limberg
waylan at gmail.com


More information about the Markdown-Discuss mailing list