Posted by Yohn ~ 03/01/13, 1:25am
I really do want to just finish up what is almost done on the website and release it, but I also want to create something that's awesome! I believe what is done and somewhat works is awesome, with a few tweaks of course, 'cause not everything is set up to work for multiple sites. After those tweaks are done I believe I'll have a good stepping stool.. but..
I really want to allow people to customize what they put on the website via pure html, bbcodes, and markdown..
The bbcodes I already have written up, and they work out good, but yeah.. I would like to expand on that before I release this website.
Markdown allows the user to put HTML in their posts, so I need to figure out a way to protect against XSS vulnerabilities within that while still allowing the user to use HTML in their posts.
I've been looking at a few filters for HTML -> HTML Purifier, and kses.. HTML Purifier doesn't work with HTML5 documents, which is what I'm using, and it seems kinda bloated.. I'd like something a little smaller, kinda like kses, but that hasn't been updated in years and kses doesn't work with style attributes.. I'm thinking about diving into this myself and seeing what I can come up with.. wish me luck.. lol
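
The kind of small allow-list filter the post is asking for, sketched in Python as an added example (it is not the author's code and not taken from kses or HTML Purifier): it would run on the HTML produced after Markdown rendering, keeps only listed tags and attributes, checks link schemes, and filters `style` declarations property by property. The tag, attribute, scheme and CSS allow-lists are assumptions chosen for illustration.

```python
import html
import re
from html.parser import HTMLParser

# Assumed allow-lists for illustration: tag -> attributes permitted on it.
ALLOWED = {"a": {"href", "title"}, "p": {"style"}, "span": {"style"}, "b": set(),
           "i": set(), "em": set(), "strong": set(), "ul": set(), "ol": set(),
           "li": set(), "br": set(), "blockquote": set(), "code": set(), "pre": set()}
DROP_WITH_CONTENT = {"script", "style"}      # element and its text are discarded
SCHEMES = {"http", "https", "mailto"}
CSS_PROPS = {"color", "background-color", "font-weight", "font-style", "text-align"}
CSS_VALUE = re.compile(r"[#a-zA-Z0-9 .,%-]+")   # no url(), expression(), quotes, escapes

def clean_style(value):
    """Keep only allow-listed CSS properties whose values are plain tokens."""
    kept = []
    for decl in value.split(";"):
        prop, sep, val = decl.partition(":")
        prop, val = prop.strip().lower(), val.strip()
        if sep and prop in CSS_PROPS and CSS_VALUE.fullmatch(val):
            kept.append(f"{prop}: {val}")
    return "; ".join(kept)

def safe_url(value):
    """Accept relative URLs and allow-listed schemes; browsers ignore tabs and newlines."""
    scheme = re.match(r"([a-zA-Z][a-zA-Z0-9+.-]*):", re.sub(r"[\x00-\x20]", "", value))
    return scheme is None or scheme.group(1).lower() in SCHEMES

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        self.skip += tag in DROP_WITH_CONTENT
        if self.skip or tag not in ALLOWED:
            return                                   # unknown tag dropped, its text kept
        parts = [tag]
        for name, value in attrs:                    # values arrive entity-decoded
            value = clean_style(value or "") if name == "style" else (value or "")
            if name in ALLOWED[tag] and value and (name != "href" or safe_url(value)):
                parts.append(f'{name}="{html.escape(value)}"')
        self.out.append("<" + " ".join(parts) + ">")
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED and tag != "br":
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data, quote=False))

def sanitize(fragment):
    parser = Sanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)
```

The output is rebuilt from parsed tokens rather than edited in place, so anything not explicitly re-emitted (event-handler attributes, comments, unknown elements) never reaches the page. It does not balance unclosed tags, which affects layout rather than script execution.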