• The Markdown can easily contain XSS

    Yes, that's why my tool escaped all the <, and why HTML posts won't work in it.

    The raw Markdown is only ever supposed to be accessed by the person who made it. You may have just forced me to change the API ...

    Not my intention, tool deleted.

  • Yes, that's why my tool escaped all the <, and why HTML posts won't work in it.

    The problem with XSS is that just escaping < isn't enough to defeat it.

    But... you can actually trust the HTML we output. If you had used that, I'd embrace the tool and would wonder how to integrate it.

    If we had an "HTML to equivalent Markdown" tool, then you could trust the HTML and get back to easily readable and editable Markdown. Something like https://github.com/kates/html2markdown .

    That would be good as then we'd have the basis for allowing quoting in a way that was similar to the old way.

    But whatever the solution is, you just can't trust the original user Markdown.
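
To illustrate the point above that escaping `<` is not enough, here is an added example (written for this page, not code from the deleted tool or from the site's own renderer). It puts a toy Markdown link renderer that only escapes `<` beside a hardened one, runs two constructed payloads through both, and checks the output with a small scanner. Neither payload contains a `<`: the renderer itself emits the `<a>` tag, and the user's text lands inside its `href` attribute. The scheme allow-list, the dummy base URL and the payloads are all assumptions for the example.

```javascript
// Added example, not code from the thread or its tools: a toy Markdown link
// renderer that escapes "<" (as the deleted tool did) next to a hardened one.
// The payloads are constructed for this example and contain no "<" at all.

// The deleted tool's approach: neutralise "<" and nothing else.
function escapeLtOnly(s) {
  return s.replace(/</g, "&lt;");
}

// Naive renderer: escape "<", then turn [text](url) into a link. The renderer
// itself writes the tags, so user input lands inside an attribute unchecked.
function naiveMarkdownToHtml(md) {
  return escapeLtOnly(md).replace(/\[([^\]]*)\]\(([^)]*)\)/g,
    (_, text, url) => `<a href="${url}">${text}</a>`);
}

// Hardened renderer: escape every HTML metacharacter in text and attribute
// context, and only emit hrefs whose scheme is on an allow-list.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Assumed allow-list for this example; a real site would pick its own.
const SAFE_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Returns the url if a browser would resolve it to an allowed scheme, else null.
function safeHref(url) {
  let parsed;
  try {
    // The WHATWG parser strips tab/newline and leading whitespace before it
    // reads the scheme, so "java\nscript:" is judged as javascript: here too.
    // The base is a dummy host that only exists so relative links parse.
    parsed = new URL(url, "https://example.invalid/");
  } catch {
    return null;
  }
  return SAFE_SCHEMES.has(parsed.protocol) ? url : null;
}

function safeMarkdownToHtml(md) {
  const re = /\[([^\]]*)\]\(([^)]*)\)/g;
  const out = [];
  let last = 0;
  for (const m of md.matchAll(re)) {
    out.push(escapeHtml(md.slice(last, m.index)));
    const text = escapeHtml(m[1]);
    const href = safeHref(m[2]);
    // A link with a disallowed scheme degrades to its plain text.
    out.push(href === null ? text : `<a href="${escapeHtml(href)}">${text}</a>`);
    last = m.index + m[0].length;
  }
  out.push(escapeHtml(md.slice(last)));
  return out.join("");
}

// Checker for the payloads below: lists what an <a> tag's attributes would let
// the browser execute. It only understands double-quoted attributes, which is
// all the two renderers above emit.
function findScriptableLinks(html) {
  const findings = [];
  for (const tag of html.matchAll(/<a\b([^>]*)>/gi)) {
    for (const [, name, value] of tag[1].matchAll(/([\w-]+)="([^"]*)"/g)) {
      if (/^on/i.test(name)) findings.push(`event handler ${name.toLowerCase()}`);
      if (name.toLowerCase() === "href" && safeHref(value) === null) {
        findings.push("unsafe href scheme");
      }
    }
  }
  return findings;
}

// Constructed payloads: none contains "<", so escapeLtOnly leaves them intact.
// jsScheme puts a script URL in the href; attrBreakout closes the href quote
// and adds an event handler; benign is ordinary input with a raw "<b>".
const PAYLOADS = {
  jsScheme: "[click me](javascript:alert%281%29)",
  attrBreakout: '[x](https://example.com/" onmouseover="alert`1`)',
  benign: "[site](https://example.com/?a=1&b=2) & <b>raw</b>",
};
```

Run through `naiveMarkdownToHtml`, the first payload becomes `<a href="javascript:alert%281%29">` and the second gains an `onmouseover` attribute, with no `<` ever supplied by the user. The hardened renderer drops the first link to plain text and keeps the second as a harmless (if odd) https link with the quote encoded as `&quot;`. The scheme check deliberately asks the URL parser what the browser would see rather than matching the string, since whitespace and case tricks such as `java\nscript:` defeat a plain prefix check.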

  • But... you can actually trust the HTML we output. If you had used that, I'd embrace the tool and would wonder how to integrate it.

    Here is a version that works from the HTML output: http://nick.cleaton.net/markdown2.html

    It's rather simplistic in that it leaves most of the HTML as HTML and just picks out the bits that most need to be converted to markdown for ease of editing. It does work well for @skydancer's instagram post though, apart from the fact that my Firefox for some reason assumes a windows-1252 encoding for an application/json content type with no explicit charset, so the utf8 em dashes are garbled.

@Velocio started