* Allan Odgaard <[email protected]> [2010-05-01 13:15]:
> If you allow Markdown you need to consider whether or not you
> want to filter out HTML tags (you probably do want to filter
> them out due to security). If you do filter them out, you force
> users e.g. to use Markdown links which for non-technical users
> might be done best using some widget (but the same is true of
> BBCode).

The correct solution is to filter the *output* of Markdown based on a tag whitelist. That way it doesn’t matter whether people write `<em>foo</em>` or `*foo*`, as indeed it shouldn’t. And it’s not impossible to write a 100% solid filter if you use a *white*list applied to a real HTML parser.

Regards,
-- 
Aristotle Pagaltzis // <http://plasmasturm.org/>
