Re: when rational discussion was still a possibility
andrei_fangli at hotmail.com
Sat Sep 6 04:10:14 EDT 2014
True, XSS hack prevention is a requirement regardless of where markdown transformation takes place. However…
While on the back end the only concern is XSS, when parsing at the front end and sending it to the server the whole input has to be validated for HTML and XSS.
From: Alan Hogan
Sent: Saturday, 6 September 2014 10:59
To: markdown-discuss at six.pairlist.net
> On Sep 6, 2014, at 12:08 AM, Andrei Fangli <andrei_fangli at hotmail.com> wrote:
There’s little difference: if you are accepting markdown from untrusted users, you MUST also pass the resulting HTML through an XSS filter of some sort, no matter whether the markdown transform happens on the front or back end.
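Both messages come down to the server filtering whatever HTML it will later serve, whether it rendered the markdown itself or received HTML rendered in the browser. The following is an added example, not code from the thread: a minimal allowlist filter over untrusted HTML using only the Python standard library. The allowlists, the names `safe_url` and `sanitize`, and the sample input are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed allowlists for this sketch: roughly what a basic Markdown renderer emits.
ALLOWED_TAGS = {"p", "em", "strong", "code", "pre", "blockquote",
                "ul", "ol", "li", "a", "h1", "h2", "h3", "br"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_SCHEMES = {"http", "https", "mailto"}
DROP_CONTENT = {"script", "style"}  # drop the element body, not only the tags
# Constructed sample of client-submitted HTML; sanitize(SAMPLE) keeps only <p>Hi</p><a>a</a>
SAMPLE = '<p onclick="x()">Hi</p><script>alert(1)</script><a href="javascript:alert(1)">a</a>'

def safe_url(url):
    # Browsers ignore tabs/newlines inside a scheme, so strip them before checking.
    cleaned = "".join(ch for ch in url if ch > " ").lower()
    head = re.split(r"[/?#]", cleaned, maxsplit=1)[0]
    return ":" not in head or head.split(":", 1)[0] in SAFE_SCHEMES

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            kept = "".join(
                f' {name}="{escape(value, quote=True)}"'
                for name, value in attrs
                if name in ALLOWED_ATTRS.get(tag, ()) and value and safe_url(value))
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # re-escape all text

def sanitize(untrusted_html):
    parser = AllowlistSanitizer()
    parser.feed(untrusted_html)
    parser.close()  # flush buffered trailing text
    return "".join(parser.out)
```

The filter runs on the server over the final HTML, so it gives the same result whether that HTML came from a back-end markdown transform or was posted by a client.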