Hello Natacha, > Datum: Fri, 13 Jan 2012 16:06:07 +0100 > Von: "Natacha Porté" <nata...@instinctive.eu> > An: fossil-users@lists.fossil-scm.org > Betreff: Re: [fossil-users] Supporting markwon syntax for wiki
> Good, I'm glad to see you are aware of the "hard part" (yes, you > understood correctly what I meant), and that you have even put some > thoughts into it. That covers all I was worried about, so > congratulations for what you've done and I wish you success for what > remains to be done. Yep, there is still the bigger part to be done, d'accord :-) > I'm only a bit sad about the duplication of work in including different > markdown engines into fossil. However I like to believe I still have a > head-start in that I'm already willing to hand over copyright (assuming > I can keep it over my own independant copy). Oh, that I grabbed `discount` is rather coincidental: it is one of the few C-only implementations (that I know of, the other one being Fletcher T. Penney's [`multimarkdown`] [1]). Furthermore, it has a BSD- style licence and is intended to be used as a library. > Also, according to a private communication from a github employee, they > switched from discount to a fork of my library because of "several > critical security vulnerabilities that are not quite trivial to fix". I > haven't been able to gather any further details, but considering how > wide wiki-append-permissions seem supposed to be, I wouldn't treat wiki > contents as trusted. Didn't know that. On their [website] [2] they (still?) profess to use `Redcarpet`, a wrapper around the `Sundown` library (that I don't know much either). Anyway, I'm not fixated on `discount` and would happily try out your library as well, if that's alright with you. What is needed by me is basically a simple "string-in-string-out" API. > But then again, standard markdown allows raw HTML inclusion, so security > issues will eventually be raised (at least for people like me who would > not trust wiki contributors with raw HTML). You have point. Maybe it is possible to "tame" the generated HTML by checking for and removing of elements and attributes that are "out of limits" ...? Thanks for your support! Martin [1]:https://github.com/fletcher/peg-multimarkdown [2]:http://github.github.com/github-flavored-markdown/ -- "Okay, buzzwords only. Two syllables, tops." -- Laurie Anderson _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
