On Fri, Mar 14, 2008 at 3:20 PM, Joseph Lorenzo Hall <[EMAIL PROTECTED]> wrote: > On Fri, Mar 14, 2008 at 12:11 PM, Milian Wolff <[EMAIL PROTECTED]> wrote: > > > > > > I have two issues with this: > > > 1. The script tag isn't closed, which means it's not valid XML (and thus > > > not valid XHTML). > > > > This is a bug in my eyes. > > Is it markdown's business to correct bad markup input (which, I > understand, it ignores)? > Right, raw html (or anything which looks like html - pretty much anything between < and >) is simply passed through unchanged. If the input is not valid, then the output will not be either. That is known and expected behavior. I'd say a feature! Definitely NOT a bug.
Now, if you want to put your own mechanisms in place to address that, either before or after markdown is run, you are more than welcome to do so. Regarding the security issues, I understand your concerns, but there are some situations were all document authors are trusted (authenticated) users and have a legitimate need for that feature. We can't cut them off for everyone else. However, I know that Python-Markdown has an option to not allow any html in a document (this "safe_mode" can be set to either replace with a customizable message, remove completely, or escape the html). Of course, to stay in line with the Markdown standard, it is off by default, but very easy to turn on in your code. Other implementations may offer a similar option. -- ---- Waylan Limberg [EMAIL PROTECTED] _______________________________________________ Markdown-Discuss mailing list Markdown-Discuss@six.pairlist.net http://six.pairlist.net/mailman/listinfo/markdown-discuss
