Alan Kennedy wrote: > [Niall] > >> So the main advantage of going this route (parsing the >> XHTML and removing anything >> not on a node/attribute whitelist) is that you only have to do the >> parsing once (on the input side) and >> you can trust the content after that. >> > > That sums it up well. > > [Niall] > >> Whereas with the intermediary >> markup you never trust it and have >> to do the cleaning + parsing every time. >> > > What do you mean "intermediary markup"? > > If you're talking about something like ReST or markdown, then you're > going to have to transform that to (x)HTML at some stage for rendering > in a browser. > > You could do that once, at input time for example, sanitize the > resulting xhtml, and always use that rendered representation; think of > it like caching. > > But it seems to me your primary reason against using an xhtml-based > editing component is that it opens up the risk of harmful content. But > that's easily resolved, as we've seen. > > Forcing users of a web page to learn a new markup language is almost > always a bad idea, unless you're dealing solely with an audience of > coders. > > Real people, i.e. non coders ;-), like WYSIWYG. > > Alan. Well the initial plan was a WYSIWYG editor producing markup supported by the Django markup filter (so textile, rest or markdown). Something vaguely like how phpbb does it. The content would then be stored in this markup language and used for display (after going through the appropriate filter) or sent back to a text area for re-editing using the WYSIWYG editor (like WMD).
So the user never had to worry about markup because the editor took care of it, I never had to worry about translating that markup into HTML since Django did it for me and I could always send the content through the escape filter because the markup would be untouched. I'm maintaining a site for very non-technical people who want more control over how their content looks (nothing crazy, just the ability to do things like bold text or make something a heading). My first thought was something like how phpBB deals with this using BBCode and it's editor. Thanks, Niall --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Python Ireland" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.ie/group/pythonireland?hl=en -~----------~----~----~----~------~----~------~--~---
