WMD Markdown and server-side
Hello,
I work since 2 days on WMD & Markdown and i don't find THE solution for stock data with security. I would like users can post html/xml (with WMD) on my site. For the moment, I stock data in Markdown format but If I disabled JavaScript the user can push easy XSS. If I strip_tags or html_entities all data i loose the user html/xml . How can I do ?
In my opinion I must html_entities just the code between pre /pre, but how?! my data is in Markdown.
After, how I can do for forbid xss attributes :
<img src="javascript:alert('xss');" />
Sorry for my rusty english.
MaxoU