HTML::StripScripts and markdown incompatibilities

Michel Fortin michel.fortin at michelf.com
Tue Aug 24 08:41:05 EDT 2010


Le 2010-08-24 à 8:27, Louis-David Mitterrand a écrit :


> Hi,

>

> I'm using perl's HTML::StripScripts to clean out unwanted/broken html

> from forum post on my web site but it also removes <http://example.com>

> or <user at example.com> markdown constructs.

>

> Any idea how to make these two live together in harmony?


Are you calling StripScripts before or after Markdown? You should always filter tags after converting to HTML, as it seems StripScripts was designed to filter HTML, not Markdown-formatted text.

Long explanation:
<http://michelf.com/weblog/2010/markdown-and-xss/>

--
Michel Fortin
michel.fortin at michelf.com
http://michelf.com/





More information about the Markdown-Discuss mailing list