WMD Markdown and server-side
Posted
on Stack Overflow
See other posts from Stack Overflow
Published on 2009-07-23T19:56:35Z
Indexed on
2010/04/04
8:03 UTC
Read the original article
Hit count: 513
Hello,
I work since 2 days on WMD & Markdown and i don't find THE solution for stock data with security. I would like users can post html/xml (with WMD) on my site. For the moment, I stock data in Markdown format but If I disabled JavaScript the user can push easy XSS. If I strip_tags or html_entities all data i loose the user html/xml . How can I do ?
In my opinion I must html_entities just the code between pre /pre, but how?! my data is in Markdown.
After, how I can do for forbid xss attributes :
<img src="javascript:alert('xss');" />
Sorry for my rusty english.
MaxoU
© Stack Overflow or respective owner