开发者

How can I disallow all HTML using markdown (PHP and JS)?

I'm using the PHP markd开发者_运维问答own library: http://michelf.com/projects/php-markdown/ and the Javascript markdown library: http://attacklab.net/showdown/

I want to disallow all HTML, both the versions of markdown seem to allow it indiscriminately. My first attempt was simply to escape all html entities before feeding into markdown. However this also escapes the <hyperlink> and <email> syntax, which is very useful.

I'd like to escape all HTML (not remove) but preserve all markdown syntax.


You have two options.

First, you can actually care about the HTML the user submits and do something about it. Try lib_filter by Cal Henderson (of Flickr fame) or maybe something more heavyweight like HTMLPurifier.

Second, if you really only want to neutralize all HTML but keep special syntax, use htmlspecialchars and then undo the conversions for the exact strings you're looking for with regexes. That might be a teeny bit more hairy. ;)

Yes, these are both PHP implementations, not Javascript. An ajax call to a special-purpose preview-generating script when the user stops typing for a moment should be speedy enough. Or make them hit a button.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜