Hullo, fellow Railsers!

(warning: this isn't a 100% Rails specific question, but I guess it very much applies to what a lot of us are currently doing.)

For a project that involves messageboard functionality I'm looking for a good way of sanitizing user input, so the silly fools, err, my wonderful users don't mess things up too much. I've played around with Textile (RedCloth), Markdown (BlueCloth), Rails' new sanitize helper, and various combinations thereof.

I've already decided against Textile, because its syntax is just backwards (from a simple user's perspective). On the other hand, BlueCloth doesn't seem to give me a lot of control over how much it actually converts and escapes, which can be an issue.

An example: I'm perfectly okay with *not* allowing my users to use any straight HTML tags whatsoever. So off I go and pass the :filter_html option to BlueCloth, which works great *except* now BlueCloth escapes HTML inside code blocks (blocks indented by 4 spaces) twice, which is not what it should be doing, I believe.

To cut a long story, er, short, I don't feel like I'm on the right path here (considering some other parts of BlueCloth's syntax are somewhat iffy, once again from a simple user's perspective. Like the way it handles links. Ugh!). Let's forget about all the fancy stuff BlueCloth does; in the end, I really just want a simple formatting tag syntax so my users can use bold, italic, blockquotes and maybe named links in their messageboard posts. Assuming I'm not the first person in this situation: does anybody have or know of a piece of code that is just *perfect* for messageboard action? How did you guys tackle this?

(read: please don't make me write something myself. Haha!)

Thanks,
Hendrik
Barry Walker
2005-May-24 19:53 UTC
Re: textilize/markdown/sanitize for messageboards, oh my!
I'm also interested in this and I also like the BlueCloth approach a little better. It looks like just a few improvements would make it very usable. The code block bug you mentioned already has a patch submitted. There are 3 ways to generate links. Do you dislike all of them?

In addition to your short list of requirements, I also like the ability for my users to generate headers, lists and tables. Surely helping BlueCloth with these last few issues or helping RedCloth with its markdown support would be easier than inventing yet another system.

On 5/24/05, Hendrik Mans <hendrik.mans-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Hullo, fellow Railsers!
>
> (warning: this isn't a 100% Rails specific question, but I guess it
> very much applies to what a lot of us are currently doing.)
>
> For a project that involves messageboard functionality I'm looking for
> a good way of sanitizing user input, so the silly fools, err, my
> wonderful users don't mess things up too much. I've played around with
> Textile (RedCloth), Markdown (BlueCloth), Rails' new sanitize helper,
> and various combinations thereof.
>
> I've already decided against Textile, because its syntax is just
> backwards (from a simple user's perspective). On the other hand,
> BlueCloth doesn't seem to give me a lot of control over how much it
> actually converts and escapes, which can be an issue.
>
> An example: I'm perfectly okay with *not* allowing my users to use any
> straight HTML tags whatsoever. So off I go and pass the :filter_html
> option to BlueCloth, which works great *except* now BlueCloth escapes
> HTML inside code blocks (blocks indented by 4 spaces) twice, which is
> not what it should be doing, I believe.
>
> To cut a long story, er, short, I don't feel like I'm on the right
> path here (considering some other parts of BlueCloth's syntax are
> somewhat iffy, once again from a simple user's perspective. Like the
> way it handles links. Ugh!). Let's forget about all the fancy stuff
> BlueCloth does; in the end, I really just want a simple formatting tag
> syntax so my users can use bold, italic, blockquotes and maybe named
> links in their messageboard posts. Assuming I'm not the first person
> in this situation: does anybody have or know of a piece of code that
> is just *perfect* for messageboard action? How did you guys tackle
> this?
>
> (read: please don't make me write something myself. Haha!)
>
> Thanks,
> Hendrik
Alexey Verkhovsky
2005-May-24 23:48 UTC
Re: textilize/markdown/sanitize for messageboards, oh my!
Barry Walker wrote:
> I'm also interested in this and I also like the BlueCloth

Here are some reasons why I prefer RedCloth over BlueCloth for a markup engine to use in the public web space (Instiki supports both):

* BlueCloth raises errors on invalid syntax (instead of ignoring it) - that's the main issue
* I get more bug reports about markup engine bugs from BlueCloth users, despite the fact that most Instiki installations use RedCloth
* it is easier to drive markup complexity to the point of "stack overflow" in regexp engine (I'm not sure if it is even possible with the current RedCloth, but for BlueCloth it is fairly easy)

--
Best regards,
Alexey Verkhovsky
Ruby Forum: http://ruby-forum.org (moderator)
RForum: http://rforum.andreas-s.net (co-author)
Instiki: http://instiki.org (maintainer)
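
An added example, not code posted by anyone in this thread and not BlueCloth or RedCloth code: a minimal Ruby formatter for the requirements raised above. It escapes all HTML exactly once (including inside 4-space code blocks), leaves invalid markup as literal text instead of raising, and uses one linear regex pass. The mini-syntax and the names `INLINE`, `SAFE_URL`, `format_inline` and `render_post` are assumptions made for illustration.

```ruby
require "cgi"

# Hypothetical mini-syntax (an assumption, not BlueCloth's or RedCloth's):
#   *bold*  _italic_  [label](http://url)  "> " quote lines  4-space code blocks
INLINE = /\[([^\[\]\n]+)\]\(([^()\s]+)\)|\*([^*\n]+)\*|(?<!\w)_([^_\n]+)_(?!\w)/
SAFE_URL = %r{\Ahttps?://\S+\z}

# Input must already be HTML-escaped. One left-to-right pass with no nested
# quantifiers; anything that does not match stays as literal text.
def format_inline(escaped)
  escaped.gsub(INLINE) do
    m = Regexp.last_match
    if m[1]
      # Only http(s) targets become links; other schemes stay visible as text.
      m[2].match?(SAFE_URL) ? %(<a href="#{m[2]}" rel="nofollow">#{m[1]}</a>) : m[0]
    elsif m[3]
      "<strong>#{m[3]}</strong>"
    else
      "<em>#{m[4]}</em>"
    end
  end
end

def render_post(raw)
  paras = raw.to_s.gsub(/\r\n?/, "\n").split(/\n{2,}/).reject { |s| s.strip.empty? }
  paras.map do |para|
    lines = para.split("\n")
    if lines.all? { |l| l.start_with?("    ") }
      # Code block: escaped exactly once, no inline formatting applied.
      code = lines.map { |l| l[4..-1] }.join("\n")
      "<pre><code>#{CGI.escapeHTML(code)}</code></pre>"
    elsif lines.all? { |l| l.start_with?(">") }
      quoted = lines.map { |l| l.sub(/\A> ?/, "") }.join("\n")
      "<blockquote>#{format_inline(CGI.escapeHTML(quoted))}</blockquote>"
    else
      "<p>#{format_inline(CGI.escapeHTML(para))}</p>"
    end
  end.join("\n")
end

# Constructed sample post.
SAMPLE = "Hi *all*, see [docs](http://example.com/a_b) <script>x</script>\n\n" \
         "> _quoted_ text\n\n    <b>code</b>\n\n[bad](javascript:void0) *unclosed"

puts render_post(SAMPLE) if __FILE__ == $0
```

Because escaping happens before any tag is generated, the only markup in the output is what the formatter itself emits.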