On Wednesday, 18 October 2017, 20:38:47 CEST, Sam Whited wrote:
> On Wed, Oct 18, 2017, at 12:40, Goffi wrote:
> > If we base the debate on devs not really taking care of security (which was
> > the initial issue with XHTML-IM) or path of less resistance, they will most
> > probably just send the raw Markdown to the list, where HTML can be executed.
>
> It would also require manually unescaping the body first, otherwise
> you'd just get a message that said "<script>".
> So it now requires manually screwing something up to lead to a security
> issue instead of the default being an issue.
>
> —Sam
> _______________________________________________
> Standards mailing list
> Info: https://mail.jabber.org/mailman/listinfo/standards
> Unsubscribe: [email protected]
> _______________________________________________

??? You necessarily have to unescape text content from the XML. When somebody is doing quotation in Markdown, would you put > the quotation?
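
The point the two messages turn on, as an added example that is not part of the thread: an XML parser hands the body back already unescaped, so a Markdown `>` quote and any inline HTML both arrive raw, and the escaping has to happen when the renderer emits HTML. The stanza is constructed sample data and `render_safe` is a hypothetical minimal renderer that handles only quotes and paragraphs.

```python
import html
import xml.etree.ElementTree as ET

# Constructed sample stanza (not from the thread): the body carries Markdown
# with a quote line and inline HTML, XML-escaped on the wire as XML requires.
STANZA = (
    "<message xmlns='jabber:client' type='groupchat'>"
    "<body>&gt; quoted line\n"
    "reply &lt;script&gt;x&lt;/script&gt;</body>"
    "</message>"
)


def body_text(stanza: str) -> str:
    """Return the body as the XML parser delivers it: entities already decoded."""
    root = ET.fromstring(stanza)
    return root.findtext("{jabber:client}body") or ""


def render_safe(markdown: str) -> str:
    """Hypothetical renderer: recognise '>' quotes on the raw text, then
    HTML-escape every piece of text before placing it in output markup."""
    out, quote = [], []

    def flush() -> None:
        # Close a pending run of quote lines as one blockquote element.
        if quote:
            out.append("<blockquote>" + "<br>".join(quote) + "</blockquote>")
            quote.clear()

    for line in markdown.splitlines():
        if line.startswith(">"):
            quote.append(html.escape(line[1:].strip()))
        else:
            flush()
            if line.strip():
                out.append("<p>" + html.escape(line) + "</p>")
    flush()
    return "".join(out)


if __name__ == "__main__":
    text = body_text(STANZA)
    print(repr(text))         # raw Markdown, no XML entities left
    print(render_safe(text))  # quote rendered, inline HTML shown as text
```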
