using markdown in a forum?
pagaltzis at gmx.de
Sun May 2 08:01:06 EDT 2010
* Allan Odgaard <1EDF4D33-D1B1-4C97-A393-3D2B4EE5E095+Markdown at uuid-mail.com> [2010-05-01 13:15]:
> If you allow Markdown you need to consider whether or not you
> want to filter out HTML tags (you probably do want to filter
> them out due to security). If you do filter them out, you force
> users e.g. to use Markdown links which for non-technical users
> might be done best using some widget (but the same is true of
The correct solution is to filter the *output* of Markdown based
on a tag whitelist. That way it doesn’t matter whether people
write `<em>foo</em>` or `*foo*`, as indeed it shouldn’t.
And it’s not impossible to write a 100% solid filter if you use
a *white*list applied to a real HTML parser.
Aristotle Pagaltzis // <http://plasmasturm.org/>
More information about the Markdown-Discuss