Adding a "Safe" option?
Jason Clark
jason at jclark.org
Tue Apr 27 20:03:54 EDT 2004
On Apr 27, 2004, at 4:22 AM, Lou Quillio wrote:
> But does it really make sense? Scrubbing *after* Markdown is cleaner,
> easier, consistent with the user experience you want, and contends
> directly with the goal of stripping unsafe tags. This might be a case
> where the solution isn't a hack, but a concise description of the
> rules ("Images and script will be stripped"). Plus you've got
> mandatory preview.
At first, I thought so too. It would be easier to scrub the Markdown
*output*, but I have an ulterior motive which I neglected to mention...
my site is xhtml1.1 strict, and I do not want a comment to be able to
make a page invalid. Markdown is garanteed to output valid xhtml, but
users aren't. I *could* validate the comment during the preview, and
make the user correct it (I've seen sites that do this), but I'd rather
not need a built in validator, and I dislike making the user correct
their markup. By making literal html invalid in comments, I can avoid
the problem.
> And these are only comments, anyhow. [Just left one, btw.][1]
>
Thanks!
Jason Clark <jason at jclark.org>
http://jclark.org/weblog/
More information about the Markdown-discuss
mailing list