using markdown in a forum?
Aristotle Pagaltzis
pagaltzis at gmx.de
Thu May 6 08:47:36 EDT 2010
* Louis-David Mitterrand <vindex+lists-markdown-discuss at apartia.org> [2010-05-06 13:25]:
> Fortunately HTML::Scrubber allows denying specific attributes
> based on a regexp:
>
> 'href' => qr{^(?!(?:java)?script)}i,
> 'src' => qr{^(?!(?:java)?script)}i,
>
> etc.
Augh, no. You don’t want to *forbid* *specific* things, you want to
*permit* only a limited set and block everything else. In the
simplest case that means you want something like this:

    qr{ \A [ \t]* https? :// }ix

That will allow simply-written HTTP links and nothing else.

This is possibly also OK, though I haven’t done enough research:

    qr{ \A [ \t]* (?: https? :// | / ) }ix

With this, simply-written site-local absolute links are OK in
addition to HTTP links.

Regards,
--
Aristotle Pagaltzis // <http://plasmasturm.org/>
More information about the Markdown-Discuss
mailing list
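
Added example (not part of the original message, and not code from HTML::Scrubber): a Perl script that runs the quoted deny pattern and the two allow patterns from the reply over a constructed list of attribute values and reports which patterns accept each one. The sample values and the names %pattern and accepted_by are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Patterns from the thread: the deny pattern is the quoted one, the two
# allow patterns are the ones given in the reply.
my %pattern = (
    deny_script => qr{^(?!(?:java)?script)}i,
    allow_http  => qr{ \A [ \t]* https? :// }ix,
    allow_local => qr{ \A [ \t]* (?: https? :// | / ) }ix,
);

# Constructed sample attribute values (not taken from the thread).
my @samples = (
    'http://example.org/page',
    'HTTPS://example.org/',
    '/forum/thread/42',
    '//example.net/x',           # protocol-relative: resolves to another host
    'javascript:void(0)',
    ' javascript:void(0)',       # same scheme behind a leading space
    'vbscript:x',
    'data:text/html,x',
    'mailto:user@example.org',
);

# Return the names of the patterns that would let $value through.
sub accepted_by {
    my ($value) = @_;
    return grep { $value =~ $pattern{$_} } sort keys %pattern;
}

printf "%-28s %s\n", 'value', 'accepted by';
for my $value (@samples) {
    my @ok = accepted_by($value);
    printf "%-28s %s\n", "'$value'", @ok ? join(', ', @ok) : '(none)';
}
```

In the output, the deny pattern accepts every sample except the bare javascript: value, while the allow patterns accept only what they name. allow_local also accepts the protocol-relative //example.net/x, so a site that wants local links only needs to exclude a second slash as well.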