Skip to content
This repository has been archived by the owner on Sep 29, 2020. It is now read-only.

Parse event description as markdown. #63

Open
rashfael opened this issue Aug 1, 2017 · 4 comments
Open

Parse event description as markdown. #63

rashfael opened this issue Aug 1, 2017 · 4 comments

Comments

@rashfael
Copy link

rashfael commented Aug 1, 2017

To allow for formatting and clickable links, parse the event description as markdown.

@rixx
Copy link
Contributor

rixx commented Aug 2, 2017

Should involve a list of allowed HTML elements and sending everything through bleach.

@rashfael
Copy link
Author

rashfael commented Aug 2, 2017

Disallowing raw html in markdown should be enough.

@rixx
Copy link
Contributor

rixx commented Aug 2, 2017

It's not that easy, no. Markdown in itself permits HTML (as it is a superset of HTML), and therefore most HTML parsers don't have an option to disable html input entirely. But since user submitted data that is displayed to other users as HTML should be bleached regardless, it's no extra work. Just wanted to make sure we don't forget about this.

@rashfael
Copy link
Author

rashfael commented Aug 2, 2017

What markdown parser would you be using? Marked for example has a "sanitize" option that ignores any source html.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants