On Tue, Jan 12, 2010 at 12:35 AM, aw <[email protected]> wrote: > Playing around with the TextileParser code, I am using paraFixer. I > noticed that <b>bold</b> yields bold HTML. Similarly, <em>italic</em> > yields italic HTML. But <strong>bold</strong> does NOT yield bold > HTML... Looks like we need to add some extra tags to the function > isValidTag. I'd like to see tags like <strong>, <i>, and <u> added > for consistency. >
Open a ticket please. > > See: > > http://github.com/dpp/liftweb/blob/master/framework/lift-modules/lift-textile/src/main/scala/net/liftweb/textile/TextileParser.scala#L530 > > > How complete is the Textile support? It is a superset of the Hobix definition: http://redcloth.org/hobix.com/textile/ > Is there a wiki page that > describes what is supported? No, but you're welcome to start one. > The closest thing I could find was > wikipedia: > http://en.wikipedia.org/wiki/Textile_(markup_language)<http://en.wikipedia.org/wiki/Textile_%28markup_language%29> > > I am interested in some basic wiki-markup to HTML translation, like > *bold* and _italic_, but not the more advanced stuff like embedded > images or links to other pages. For security reasons, I am interested > in a layer that escapes offending HTML like <script> or <img> or > something that could be dangerous. Is that what I would get if I > called TextileParser.toHtml(toParse: String, disableLinks: true)? > Script tags are never allowed in. <img> and other links if you pass "true" to disable links. There was a thorough security review of Lift's Textile parser as part of a project I delivered to a large corporate customer. There were no XSS or other vulnerabilities found. That doesn't mean they don't exist, but they are non-obvious and will be *immediately* fixed if found. > > -- > You received this message because you are subscribed to the Google Groups > "Lift" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<liftweb%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/liftweb?hl=en. > > > > -- Lift, the simply functional web framework http://liftweb.net Beginning Scala http://www.apress.com/book/view/1430219890 Follow me: http://twitter.com/dpp Surf the harmonics--
You received this message because you are subscribed to the Google Groups "Lift" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/liftweb?hl=en.
