Secure Python Markdown Library [closed]

I'd like to enable users to leave rich text comments, possibly using Markdown. I've installed the libraries used on Reddit, but am concerned about the JavaScript injection attack which occurred last year, especially since I'm still not clear on the details of how the attack was done. Should I still be concerned about comment security? Is there a test string I can put through my system to check for the same flaws that took down Reddit?

MichaelBlume asked Mar 01 '10 18:03


2 Answers

Reddit uses the discount Markdown library now.

jedberg answered Nov 05 '22 16:11


Python-Markdown - the 'standard' one, more or less - has a 'safe mode' feature that escapes HTML tags. That should be enough to counter almost all HTML injection attacks.

Wander Nauta answered Nov 05 '22 17:11
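The safe mode described in the answer above was deprecated in Python-Markdown 2.6 and removed in 3.0, so the usual approach today is to render the Markdown and then run the resulting HTML through an allowlist sanitizer before storing or displaying it. The following is an added example, not code from Python-Markdown or from either answer: a small standard-library sanitizer that keeps only an assumed allowlist of comment tags, drops every attribute except `href` on `<a>`, rejects `javascript:` and `data:` link targets, drops `<script>`/`<style>` contents entirely, and re-escapes all text. The sample input is constructed to resemble what a renderer emits when raw HTML in a comment is passed straight through; it doubles as the kind of test string the question asks about.

```python
"""Allowlist sanitizer for HTML produced by a Markdown renderer.

Added illustration using only the standard library; it is not Python-Markdown's
own safe_mode code. Assumed policy: a small tag allowlist typical for comments,
with <a href> as the only attribute and only http(s)/mailto/relative targets.
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_TAGS = {"p", "em", "strong", "a", "code", "pre", "ul", "ol", "li",
                "blockquote", "br"}
ALLOWED_ATTRS = {"a": {"href"}}          # every other attribute is dropped
SAFE_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"br"}
RAW_TEXT_TAGS = {"script", "style"}      # contents are dropped, not just the tags


def safe_href(value):
    """True if value is an absolute URL with a safe scheme or a plain relative path."""
    # Browsers ignore ASCII whitespace/control characters inside a URL, so remove
    # them first; otherwise "java\tscript:" would look scheme-less to urlparse.
    cleaned = "".join(ch for ch in value if ord(ch) > 0x20)
    scheme = urlparse(cleaned).scheme.lower()
    if scheme:
        return scheme in SAFE_SCHEMES
    # Scheme-less: allow only if no ":" appears before the first "/", so an
    # unparsed "scheme:rest" form cannot slip through as a relative path.
    return ":" not in cleaned.split("/", 1)[0]


class AllowlistSanitizer(HTMLParser):
    """Re-emits only allowlisted tags/attributes; all text is re-escaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []     # allowed, non-void tags still open
        self.skip_depth = 0     # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in RAW_TEXT_TAGS:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return              # unknown tag dropped; its text content is kept
        parts = [tag]
        for name, value in attrs:
            if name in ALLOWED_ATTRS.get(tag, ()) and value is not None and safe_href(value):
                parts.append('%s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s>" % " ".join(parts))
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if tag in RAW_TEXT_TAGS:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in self.open_tags:
            return              # stray or disallowed close tag
        while self.open_tags:   # close anything left open inside this tag
            opened = self.open_tags.pop()
            self.out.append("</%s>" % opened)
            if opened == tag:
                break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

    def result(self):
        while self.open_tags:   # close tags the input left dangling
            self.out.append("</%s>" % self.open_tags.pop())
        return "".join(self.out)


def sanitize(rendered_html):
    """Sanitize the HTML a Markdown renderer produced for one untrusted comment."""
    parser = AllowlistSanitizer()
    parser.feed(rendered_html)
    parser.close()
    return parser.result()


# Constructed sample: what a renderer emits when raw HTML in a comment is passed through.
SAMPLE = ('<p>Hello <strong>world</strong> <script>alert(1)</script> '
          '<a href="javascript:alert(1)" onclick="x()">click</a> '
          '<a href="https://example.com/">ok</a> <img src=x onerror=alert(1)></p>')

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

Apply `sanitize()` to the output of your Markdown renderer (for Python-Markdown, `markdown.markdown(comment_text)`), never to the raw Markdown, since the renderer may itself turn Markdown syntax into links and HTML. The allowlist is deliberately tiny; widen it only tag by tag, and keep `href` validation even if you add `<img src>`, because the URL scheme check is what stops a `javascript:` link from surviving a tag-only filter.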