Louis-David Mitterrand <vindex+lists-markdown-disc...@apartia.org> wrote:

> Should I save the raw unfiltered post to DB and then (1) expand markdown and
> (2) filter with StripScripts only when _displaying_ the post? That would
> entail keeping some potentially "unclean" posts in the DB and having to
> StripScripts them repeatedly.

In my opinion the optimal solution is to save each post as is (i.e. as Markdown), convert the post to HTML when required, strip nasties, and *cache the result*. This is the approach I employ in Mango <http://mango.io/wtf?>, and it seems to work well.

David

On 25 August 2010 00:49, Louis-David Mitterrand <vindex+lists-markdown-disc...@apartia.org> wrote:

> On Tue, Aug 24, 2010 at 08:41:05AM -0400, Michel Fortin wrote:
> > On 2010-08-24 at 8:27, Louis-David Mitterrand wrote:
> >
> > > I'm using perl's HTML::StripScripts to clean out unwanted/broken html
> > > from forum post on my web site but it also removes <http://example.com>
> > > or <u...@example.com> markdown constructs.
> > >
> > > Any idea how to make these two live together in harmony?
> >
> > Are you calling StripScripts before or after Markdown? You should
> > always filter tags after converting to HTML, as it seems StripScripts
> > was designed to filter HTML, not Markdown-formatted text.
> >
> > Long explanation:
> > <http://michelf.com/weblog/2010/markdown-and-xss/>
>
> Actually I save the forum posts to the DB in non-converted markdown and
> filtered of any unwanted html.
>
> Should I save the raw unfiltered post to DB and then (1) expand markdown
> and (2) filter with StripScripts only when _displaying_ the post? That
> would entail keeping some potentially "unclean" posts in the DB and
> having to StripScripts them repeatedly.
>
> --
> http://www.cruisefish.net
> _______________________________________________
> Markdown-Discuss mailing list
> Markdown-Discuss@six.pairlist.net
> http://six.pairlist.net/mailman/listinfo/markdown-discuss
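The ordering discussed in this thread (store raw Markdown, convert to HTML, filter, cache the filtered result), as an added example that is not part of the original messages and is not Mango's or HTML::StripScripts' code. `Sanitizer` and `markdown_to_html` are simplified stand-ins (assumptions) for an HTML filter and a Markdown converter, and the sample post is constructed.

```python
import hashlib, re
from html import escape
from html.parser import HTMLParser

ALLOWED = {"p", "a", "em", "strong", "code"}          # constructed allowlist
SAFE_HREF = re.compile(r"^(https?://|mailto:)", re.I)

class Sanitizer(HTMLParser):
    """Stand-in for an HTML filter such as HTML::StripScripts (allowlist only)."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1                             # drop element and its body
        elif tag in ALLOWED and not self.skip:
            href = dict(attrs).get("href") or ""
            ok = tag == "a" and SAFE_HREF.match(href)
            self.out.append(f'<a href="{escape(href)}">' if ok else f"<{tag}>")
    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED and not self.skip:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))              # text is always re-escaped

def sanitize(html):
    parser = Sanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)

def markdown_to_html(text):
    """Toy converter: URL autolinks only; raw HTML passes through, as in Markdown."""
    linked = re.sub(r'<(https?://[^\s<>"]+)>', r'<a href="\1">\1</a>', text)
    return f"<p>{linked}</p>"

RENDER_CACHE = {}                                      # sha256(raw Markdown) -> safe HTML

def render_cached(raw):
    """Store raw Markdown; convert, then filter, then cache the filtered HTML."""
    key = hashlib.sha256(raw.encode()).hexdigest()
    if key not in RENDER_CACHE:
        RENDER_CACHE[key] = sanitize(markdown_to_html(raw))
    return RENDER_CACHE[key]

def filter_before_markdown(raw):
    """The ordering that loses autolinks: the filter sees <http://...> as a tag."""
    return markdown_to_html(sanitize(raw))

# Constructed sample post.
POST = 'See <http://example.com> <script>alert(1)</script><b onclick="x()">hi</b>'
```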