Adding a "Safe" option?

Jason Clark jason at jclark.org
Sat May 1 00:15:33 EDT 2004


On Apr 30, 2004, at 6:56 PM, John Gruber wrote:

> Michel Fortin <michel.fortin at michelf.com> wrote on 04/30/04 at 6:26p:
>
>> Only code spans? What about text inside a list item, like:
>>
>>   1.  This is a wonderful list item!
>>       May I <ins>insert</ins> some HTML into it?
>>
>> The second line in this example is indented but not a code block. It
>> probably won't happen often however.
>
> Oh, shoot, you're right. Plus you'd have to worry about extra
> paragraphs within list items:
>
>     1.  Foo
>
>         Bar <tag>...</tag>
>
>     2.  Baz.
>
> -J.G.

I started typing up an idea for implementing this with several more 
steps when I realized I'm over-thinking this (not the first time, won't 
be the last).

If we accept the the correct way to handle user-HTML (non-code stuff) 
is to encode it instead of stripping it, then this becomes much easier. 
  Right now, the meat of code-handling is _EncodeCode, which takes a 
chunk of text (could be a block or span), converts `< > &` to `&lt; 
&gt; &amp;` respectively, and then escapes Markdown special characters 
like `* _ [ ]` etc.  How about when in Comment mode, we do the first 
part (convert `< > &`) before we do anything else, and then we skip 
that part in _EncodeCode.  This way, *all* html tags, whether in a code 
span/block or not, get encoded, and code-span/block html doesn't get 
double-encoded.

I think I'll experiment with this implementation, probably tommorow.  
I'm only about 85% convinced I want random user HTML encoded instead of 
discarded, but it's a real start.

Jason Clark <jason at jclark.org>
http://jclark.org/weblog/



More information about the Markdown-discuss mailing list