Louis-David Mitterrand
2010-Aug-24 12:27 UTC
HTML::StripScripts and markdown incompatibilities
Hi, I'm using perl's HTML::StripScripts to clean out unwanted/broken html from forum post on my web site but it also removes <http://example.com> or <user at example.com> markdown constructs. Any idea how to make these two live together in harmony? Thanks, -- http://www.cruisefish.net
Le 2010-08-24 ? 8:27, Louis-David Mitterrand a ?crit :> Hi, > > I'm using perl's HTML::StripScripts to clean out unwanted/broken html > from forum post on my web site but it also removes <http://example.com> > or <user at example.com> markdown constructs. > > Any idea how to make these two live together in harmony?Are you calling StripScripts before or after Markdown? You should always filter tags after converting to HTML, as it seems StripScripts was designed to filter HTML, not Markdown-formatted text. Long explanation: <http://michelf.com/weblog/2010/markdown-and-xss/> -- Michel Fortin michel.fortin at michelf.com http://michelf.com/