Forum: Ruby for user submitted content on website, use textile or html?

Dorren (Guest)
on 2007-04-12 10:30
(Received via mailing list)
I know using another markup language, like wiki syntax or textile, is to
prevent javascript injection. But for users who don't know about wiki
syntax or textile, I'm thinking about just allowing them to enter plain
html, parsing the content, and rejecting all questionable tags and
attributes, only allowing predefined (safe) tags, like bold or italic,
etc.

Is using html for markup less secure than using non-html markup?
What's the main reason people use another markup language for user
posted content on website?
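
The allowlist approach described in the post above, as an added example that is not part of the original thread: everything is HTML-escaped by default, and only tags on the allowlist are re-emitted in a canonical form with all attributes dropped. The names `ALLOWED_TAGS` and `sanitize_html` and the choice of tags are assumptions made for this sketch.

```ruby
require "cgi"
require "strscan"

# Assumed allowlist for this example: inline formatting only, no attributes.
ALLOWED_TAGS = %w[b i em strong u].freeze

# Something shaped like a simple tag: <name ...> or </name ...>.
TAG = %r{<(/?)([A-Za-z][A-Za-z0-9]*)\b[^<>]*>}

def sanitize_html(input)
  out = +""
  open_tags = []                     # allowlisted tags currently open
  scanner = StringScanner.new(input)
  until scanner.eos?
    if scanner.scan(TAG)
      closing = scanner[1] == "/"
      name = scanner[2].downcase
      if !ALLOWED_TAGS.include?(name)
        # Rejected markup is shown as literal text, never passed through.
        out << CGI.escapeHTML(scanner.matched)
      elsif !closing
        open_tags.push(name)
        out << "<#{name}>"           # rebuilt by us, so no attribute survives
      elsif open_tags.include?(name)
        # Close anything still open inside this tag, then the tag itself.
        loop do
          t = open_tags.pop
          out << "</#{t}>"
          break if t == name
        end
      end
      # A closing tag with no matching opener is dropped.
    else
      # Plain text, or a lone "<" that is not a tag: escape it.
      out << CGI.escapeHTML(scanner.scan(/[^<]+/) || scanner.getch)
    end
  end
  # Close tags the user left open so they cannot leak into the page layout.
  out << open_tags.reverse.map { |t| "</#{t}>" }.join
end
```

A regex tokenizer is enough here only because nothing from the submitted tag is copied to the output. Permitting attributes such as `href` would call for a real HTML parser plus URL scheme checks.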
Brian C. (Guest)
on 2007-04-12 11:44
(Received via mailing list)
> what's the main reason people use another markup language for user
> posted content on website?

In order to make their users' lives miserable, I believe :-(

I've lost track of how many different markups I've had to learn: BBcode,
Twiki, rdoc, markdown, whatever Rubygarden uses, MoinMoin, Trac, pod,
probably others. All have different ways of expressing the most basic
things, like a hyperlink or a level 1 heading. When I come across a
website which uses a different one again, like Textile, I cringe.

BBcode even uses [b]..[/b], presumably only to be different to <b>..</b>

Hmph!

Brian.
Leslie V. (Guest)
on 2007-04-12 13:21
(Received via mailing list)
On 4/12/07, Brian C. <removed_email_address@domain.invalid> wrote:
>
> BBcode even uses [b]..[/b], presumably only to be different to <b>..</b>

I hate it too. One good thing is MediaWiki's toolbar - click on a
button that looks like large text and it will put in a large text
example for you.

These HTML alternatives were not invented for security but for ease of
use, which is ironic.

My hope is that a victor will emerge and most wikis will adapt to
support it as an option. Markdown is my favourite because I think the
text looks most like the final product, it's just that Markdown
desperately needs a syntax for tables.
James G. (Guest)
on 2007-04-12 16:38
(Received via mailing list)
On Apr 12, 2007, at 4:20 AM, Leslie V. wrote:

> Markdown is my favourite because I think the
> text looks most like the final product,

I agree.  Markdown is under loved.  I think it's a much better fit
for most user entry than Textile, which is over loved, in my opinion.

> it's just that Markdown desperately needs a syntax for tables.

And definition lists, yes.

James Edward G. II
Christian N. (Guest)
on 2007-04-13 00:37
(Received via mailing list)
James Edward G. II <removed_email_address@domain.invalid> writes:

> And definition lists, yes.
And custom class=.  Pleeaaase!
Leslie V. (Guest)
on 2007-04-13 10:50
(Received via mailing list)
On 4/12/07, Christian N. <removed_email_address@domain.invalid> wrote:
> >> it's just that Markdown desperately needs a syntax for tables.
> >
> > And definition lists, yes.
>
> And custom class=.  Pleeaaase!

I emailed John Gruber and he says tables are definitely coming - but
who knows when? In the meantime, he said that extensions found here
are the best bet: http://www.michelf.com/projects/php-markdown/extra/

Taking a quick look, tables, definition lists and footnote syntax look
the same as in Maruku (Maruku says it implements php-markdown's
extensions). In any event, the Markdown mailing list discusses
improvements:
http://six.pairlist.net/mailman/listinfo/markdown-discuss

My secret plan is to convert all our company's technical documentation
to Markdown.

Les
James G. (Guest)
on 2007-04-13 15:50
(Received via mailing list)
On Apr 13, 2007, at 1:49 AM, Leslie V. wrote:

> Taking a quick look, tables, definition lists and footnote syntax look
> the same as in Maruku (Maruku says it implements php-markdown's
> extensions).

It looks like there's Maruku for Ruby too:

http://rubyforge.org/projects/maruku

James Edward G. II