Markdown or HTML -


I need users to create, modify and delete my articles. I am planning to use the WMD editor which uses to create articles

What I can collect, stores Markdown and HTML. Why does it do this - what is the benefit?

I can not decide whether to store Markdown, HTML or both. If I store both, then I will recover a user for display.

UPDATE:

OK, I think by far the answers, I like Markdown and HTML. I'm also reading a blog post about XSS exploitation from Jeff Because the WMD editor allows you to input any HTML so that I can have some headaches.

There is a blog post in question I'm guessing that I have to follow the same SE approach - and clean the input on the server side

whether the sensitization code o open source Is available in the form or do I have to start it from scratch?

Any help would be greatly appreciated.

Thanks

In terms of performance and compatibility (and ultimately social control) Both are extremely useful / helpful.

If you store only markdown (or whatever non-HTML markup), it is always worth paying attention to all the time by parsing it in HTML tastes. Not worth the cheap

If you store only the HTML, then you will live quietly in the HTML generated from the risk. This can cause many maintenance and bug fixing headaches. You will also lose social control because you no longer know what the actually is filled with the user. For example, you know as an administrator who users are trying to use XSS & lt; Script & gt; And so on, End User will not be able to edit data in Markdown format. You have to change it back to HTML.

To update the HTML on every change of MarkDod version, you can represent the Markdown version by adding an additional field which is being used to generate HTML output. Whenever it has been changed to Server Side, at this time you retrieve the row, using the new version, you can re-parser the data and update the line in DB. This is an additional cost only once.


Comments

Popular posts from this blog

c# - sqlDecimal to decimal clr stored procedure Unable to cast object of type 'System.Data.SqlTypes.SqlDecimal' to type 'System.IConvertible' -

Calling GetGUIThreadInfo from Outlook VBA -

Obfuscating Python code? -