when rational discussion was still a possibility
contact at alanhogan.com
Sat Sep 6 03:59:43 EDT 2014
> On Sep 6, 2014, at 12:08 AM, Andrei Fangli <andrei_fangli at hotmail.com> wrote:
There’s little difference: if you are accepting markdown from untrusted users, you MUST also pass the resulting HTML through an XSS filter of some sort, no matter whether the markdown transform happens on the front or back end.