using markdown in a forum?

Aristotle Pagaltzis pagaltzis at
Sun May 2 08:01:06 EDT 2010

* Allan Odgaard <1EDF4D33-D1B1-4C97-A393-3D2B4EE5E095+Markdown at> [2010-05-01 13:15]:

> If you allow Markdown you need to consider whether or not you

> want to filter out HTML tags (you probably do want to filter

> them out due to security). If you do filter them out, you force

> users e.g. to use Markdown links which for non-technical users

> might be done best using some widget (but the same is true of

> BBCode).

The correct solution is to filter the *output* of Markdown based
on a tag whitelist. That way it doesn’t matter whether people
write `<em>foo</em>` or `*foo*`, as indeed it shouldn’t.

And it’s not impossible to write a 100% solid filter if you use
a *white*list applied to a real HTML parser.

Aristotle Pagaltzis // <>

More information about the Markdown-Discuss mailing list