Rails - May 2005 - textilize/markdown/sanitize for messageboards, oh my!

Hullo, fellow Railsers!

(warning: this isn''t a 100% Rails specific question, but I guess it
very much applies to what a lot of us are currently doing.)

For a project that involves messageboard functionality I''m looking for
a good way of sanitizing user input, so the silly fools, err, my
wonderful users don''t mess things up too much. I''ve played
around with
Textile (RedCloth), Markdown (BlueCloth), Rail''s new sanitize helper,
and various combinations thereof.

I''ve already decided against Textile, because its syntax is just
backwards (from a simple user''s perspective). On the other hand,
BlueCloth doesn''t seem to give me a lot of control over how much it
actually converts and escapes, which can be an issue.

An example: I''m perfectly okay with *not* allowing my users to use any
straight HTML tags whatsoever. So off I go and pass the :filter_html
option to BlueCloth, which works great *except* now BlueCloth escapes
HTML inside code blocks (blocks indented by 4 spaces) twice, which is
not what it should be doing, I believe.

To cut a long story, er, short, I don''t feel like I''m on the
right
path here (considering some other parts of BlueCloth''s syntax are
somewhat iffy, once again from a simple user''s perspective. Like the
way it handles links. Ugh!). Let''s forget about all the fancy stuff
BlueCloth does; in the end, I really just want a simple formatting tag
syntax so my users can use bold, italic, blockquotes and maybe named
links in their messageboard posts. Assuming I''m not the first person
in this situation: does anybody have or know of a piece of code that
is just *perfect* for messageboard action? How did you guys tackle
this?

(read: please don''t make me write something myself. Haha!)

Thanks,
Hendrik

I''m also interested in this and I also like the BlueCloth approach a
little better.  It looks like just a few improvements would make it
very usable.  The code block bug you mentioned already has a patch
submitted.  There are 3 ways to generate links.  Do you dislike all of
them?

In addition to your short list of requirements, I also like the
ability for my users to generate headers, lists and tables.

Surely helping BlueCloth with these last few issues or helping
RedCloth with its markdown support would be easier than inventing yet
another system.

On 5/24/05, Hendrik Mans
<hendrik.mans-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Hullo, fellow Railsers!
> 
> (warning: this isn''t a 100% Rails specific question, but I guess
it
> very much applies to what a lot of us are currently doing.)
> 
> For a project that involves messageboard functionality I''m looking
for
> a good way of sanitizing user input, so the silly fools, err, my
> wonderful users don''t mess things up too much. I''ve
played around with
> Textile (RedCloth), Markdown (BlueCloth), Rail''s new sanitize
helper,
> and various combinations thereof.
> 
> I''ve already decided against Textile, because its syntax is just
> backwards (from a simple user''s perspective). On the other hand,
> BlueCloth doesn''t seem to give me a lot of control over how much
it
> actually converts and escapes, which can be an issue.
> 
> An example: I''m perfectly okay with *not* allowing my users to use
any
> straight HTML tags whatsoever. So off I go and pass the :filter_html
> option to BlueCloth, which works great *except* now BlueCloth escapes
> HTML inside code blocks (blocks indented by 4 spaces) twice, which is
> not what it should be doing, I believe.
> 
> To cut a long story, er, short, I don''t feel like I''m on
the right
> path here (considering some other parts of BlueCloth''s syntax are
> somewhat iffy, once again from a simple user''s perspective. Like
the
> way it handles links. Ugh!). Let''s forget about all the fancy
stuff
> BlueCloth does; in the end, I really just want a simple formatting tag
> syntax so my users can use bold, italic, blockquotes and maybe named
> links in their messageboard posts. Assuming I''m not the first
person
> in this situation: does anybody have or know of a piece of code that
> is just *perfect* for messageboard action? How did you guys tackle
> this?
> 
> (read: please don''t make me write something myself. Haha!)
> 
> Thanks,
> Hendrik
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

Barry Walker wrote:
>I''m also interested in this and I also like the BlueCloth 
>
Here are some reasons why I prefer RedCloth over BlueCloth for a markup 
engine to use in the public web space (Instiki supports both):

* BlueCloth raises errors on invalid syntax (instead of ignoring it) - 
that''s the main issue
* I get more bug reports about markup engine bugs from BlueCloth users, 
despite the fact that most Instiki installations use RedCloth
* it is easier to drive markup complexity to the point of "stack 
overflow" in regexp engine (I''m not sure if it is even possible
with the
current RedCloth, but for BlueCloth it is fairly easy)

-- 
Best regards,

Alexey Verkhovsky

Ruby Forum: http://ruby-forum.org        (moderator)
RForum:     http://rforum.andreas-s.net  (co-author)
Instiki:    http://instiki.org           (maintainer)

I should have said I prefer MarkDown to Textile.  Better MarkDown
compliance in RedCloth may be the best of both worlds.