> Isn't Textile quite suited to this sort of task? Wouldn't it be safer?

It's suited sometimes for some of the tasks. But it's not a
general-purpose replacement for HTML.

> I don't personally use Basecamp, but if I remember correctly, many
> people view the pages, so what prevents a bad user from doing:
>
> <a href="some link" onclick="do potentially bad thing here">Click me !</a>

Basecamp is account restricted. You have to be invited and accept the
invitation to become part of a project and see the content. In this
context, the ability of being able to use HTML outweighs the
risk/impact of malicious users (you usually just participate in
projects with people you know).

On a public forum, it's different. I wouldn't want to allow HTML there.
--
David Heinemeier Hansson
http://www.loudthinking.com -- Broadcasting Brain
http://www.basecamphq.com   -- Online project management
http://www.backpackit.com   -- Personal information manager
http://www.rubyonrails.com  -- Web-application framework
_______________________________________________
Rails-core mailing list
Rails-core@lists.rubyonrails.org
http://lists.rubyonrails.org/mailman/listinfo/rails-core
