IMO this should be resolved per-server configuration.  Consider the
risk of XSS attacks: simply treating all comments as text/plain
automatically mitigates any past XSS attack attempts.  Granted, XSS
attacks are not very likely given that few users can be expected to
have commit access...

I would prefer that the UI allow the user to select between HTML,
wiki, and text/plain, thus allowing for future markup types (e.g.,
asciidoc); the default (for new comments) should be text/plain.  The
format of old comments should be given by a server-side configuration
parameter.  The available formats for new comments should be
constrained by a server-side config param.

Nico
--
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
