[Niall] > So the main advantage of going this route (parsing the > XHTML and removing anything > not on a node/attribute whitelist) is that you only have to do the > parsing once (on the input side) and > you can trust the content after that.
That sums it up well. [Niall] > Whereas with the intermediary > markup you never trust it and have > to do the cleaning + parsing every time. What do you mean "intermediary markup"? If you're talking about something like ReST or markdown, then you're going to have to transform that to (x)HTML at some stage for rendering in a browser. You could do that once, at input time for example, sanitize the resulting xhtml, and always use that rendered representation; think of it like caching. But it seems to me your primary reason against using an xhtml-based editing component is that it opens up the risk of harmful content. But that's easily resolved, as we've seen. Forcing users of a web page to learn a new markup language is almost always a bad idea, unless you're dealing solely with an audience of coders. Real people, i.e. non coders ;-), like WYSIWYG. Alan. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Python Ireland" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.ie/group/pythonireland?hl=en -~----------~----~----~----~------~----~------~--~---
