Adding a "Safe" option?
Jon Hart
jhart at starrtechmail.com
Mon Apr 26 22:47:16 EDT 2004
Looking at the code, it wont be easy as I had thought.
MD seems to be quite happy allowing raw html in the text, so that
initially is at odds with what is desired.
MD escapes anything htmlish within code blocks.
What we need to add for safe MD is an initial encoding before MD
processing starts. This needs to account for >'s ( which can be ignored,
or ignored only when relevant ).
There is already a function called _EncodeAmpsAndAngles which just does
ampersands and left angles. Calling this at the start of processing
should result in safe MD output. ie: Any html embedded in the original
text wont work, but will show up.
Next, the function _EncodeCode needs to be made a little less
aggressive, to avoid double encoding of ampersands. This will allow
people to post comments containing sample html code.
Neither change looks too complex, however, MD is based on regex's which
operate on blocks of text, which makes it susceptible to ordering issues.
--
Jon Hart,
Starrtech Interactive,
(808) 544 3099 x 358.
More information about the Markdown-discuss
mailing list