> I also agree with your opposition to them; if anything, one
> should filter the *output* of a Markdown-to-HTML conversion
> so that it won't matter whether people write literal `<em>`
> tags or use asterisks.

This is true in theory... I actually just recently wrote something along those lines in Lua [1] to use with my Lua wiki. The idea is to do as you suggest: Convert from MD to HTML first, then filter the HTML. To make it safe, I parse HTML as XHTML and complain if it doesn't parse.

Hence a problem: if the user screws up with their HTML (and my filter is pretty unforgiving), it becomes hard to communicate to them what went wrong. I can tell them where there is a problem in the overall HTML, but this doesn't help much, since the user didn't know there was all of this HTML to begin with. There is no easy way to show them where the problem occurred relative to the input that they provided, or to show them the content with just _their_ HTML escaped.

So, a good solution in Markdown itself actually would be a good thing.

- yuri

[1]: http://sputnik.freewisdom.org/lib/xssfilter/

--
http://sputnik.freewisdom.org/
_______________________________________________
Markdown-Discuss mailing list
[email protected]
http://six.pairlist.net/mailman/listinfo/markdown-discuss
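The approach described in the message above (convert first, parse the result strictly as XML, reject anything that does not parse or is not allowlisted), as an added Python example that is not part of the original post and is not the code of the xssfilter library it links to. The allowlist, the URL scheme list and the names `filter_html` and `FilterError` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

# Assumed allowlist for illustration: tag -> attributes permitted on it.
ALLOWED = {
    "p": set(), "em": set(), "strong": set(), "code": set(), "pre": set(),
    "ul": set(), "ol": set(), "li": set(), "blockquote": set(),
    "a": {"href", "title"},
}
SAFE_SCHEMES = ("http://", "https://", "mailto:")  # assumed policy
WRAP = "<div>"  # synthetic root so fragments parse; also makes a DOCTYPE ill-formed


class FilterError(ValueError):
    """Raised when the converter's output is rejected."""


def _emit(node, out):
    """Re-serialize one allowlisted element; never echo the input bytes."""
    if node.tag not in ALLOWED:
        raise FilterError(f"tag <{node.tag}> is not allowed")
    attrs = ""
    for name, value in node.attrib.items():
        if name not in ALLOWED[node.tag]:
            raise FilterError(f"attribute {name!r} is not allowed on <{node.tag}>")
        if name == "href" and not value.strip().lower().startswith(SAFE_SCHEMES):
            raise FilterError(f"URL scheme not allowed in href: {value!r}")
        attrs += f" {name}={quoteattr(value)}"
    out.append(f"<{node.tag}{attrs}>{escape(node.text or '')}")
    for child in node:
        _emit(child, out)
        out.append(escape(child.tail or ""))
    out.append(f"</{node.tag}>")


def filter_html(converted_html):
    """Filter Markdown-converter output; return safe HTML or raise FilterError."""
    try:
        root = ET.fromstring(f"{WRAP}{converted_html}</div>")
    except ET.ParseError as err:
        line, col = err.position
        if line == 1:
            col -= len(WRAP)
        # The position refers to the generated HTML, not the user's Markdown:
        # this is the reporting limitation the message describes.
        raise FilterError(f"not well-formed XHTML at line {line}, column {col}") from err
    out = [escape(root.text or "")]
    for child in root:
        _emit(child, out)
        out.append(escape(child.tail or ""))
    return "".join(out)
```

Because the output is rebuilt from the parsed tree, comments and processing instructions in the converter's output are dropped and all text and attribute values are re-escaped.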
