But... you can actually trust the HTML we output. If you had used that, I'd embrace the tool and would wonder how to integrate it.
Here is a version that works from the HTML output: http://nick.cleaton.net/markdown2.html
It's rather simplistic in that it leaves most of the HTML as HTML and just picks out the bits that most need to be converted to markdown for ease of editing. It does work well for @skydancer's instagram post though, apart from the fact that my firefox for some reason assumes a windows-1252 encoding for an application/json content type with no explicit charset, so the utf8 m-dashes are garbled.
The problem with XSS is that just escaping < isn't enough to defeat it.
But... you can actually trust the HTML we output. If you had used that, I'd embrace the tool and would wonder how to integrate it.
If we had a "HTML to equivalent Markdown" tool, then you could trust the HTML and get back to easily readable and editable Markdown. Something like https://github.com/kates/html2markdown .
That would be good as then we'd have the basis for allowing quoting in a way that was similar to the old way.
But whatever the solution is, you just can't trust the original user Markdown.
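To make the point about escaping only < concrete, here is an added example (not code from any post in this thread or from the site) that renders a Markdown inline link from untrusted input two ways. The function names and the sample inputs are constructed for illustration, and the allowed scheme list is an assumption.

```javascript
// Added example: rendering [text](url) from untrusted Markdown.
// All names here are hypothetical; sample inputs are constructed.

// Naive renderer: only '<' is escaped, so quotes and URL schemes pass through.
function escapeLtOnly(s) {
  return s.replace(/</g, "&lt;");
}
function renderLinkNaive(text, url) {
  return '<a href="' + escapeLtOnly(url) + '">' + escapeLtOnly(text) + "</a>";
}

// Hardened renderer: escape every HTML-significant character...
const ESC = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ESC[c]);
}

// ...and allow-list URL schemes (assumed policy: http, https, mailto).
const SAFE_SCHEMES = new Set(["http:", "https:", "mailto:"]);
function safeHref(url) {
  // Browsers ignore tabs, newlines and leading control characters when
  // parsing a scheme, so strip them (conservatively, everywhere) before checking.
  const cleaned = url.replace(/[\u0000-\u0020]/g, "");
  const m = /^([a-z][a-z0-9+.-]*:)/i.exec(cleaned);
  if (m && !SAFE_SCHEMES.has(m[1].toLowerCase())) {
    return "#"; // explicit scheme that is not on the allow-list
  }
  return escapeHtml(url); // allowed scheme or relative URL
}
function renderLinkSafe(text, url) {
  return '<a href="' + safeHref(url) + '">' + escapeHtml(text) + "</a>";
}

// Constructed inputs containing no '<' at all.
const attrBreakout = 'x" onmouseover="alert(1)';
const schemeTrick = "java\tscript:alert(1)";

console.log(renderLinkNaive("click", attrBreakout)); // attribute is injected
console.log(renderLinkSafe("click", attrBreakout));  // quotes are neutralised
console.log(renderLinkNaive("click", schemeTrick));  // script URL survives
console.log(renderLinkSafe("click", schemeTrick));   // href replaced with "#"
```

Neither constructed input contains a <, which is why the naive renderer passes both through unchanged.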