Are text editors that use Markdown by default safer than other text editors?

According to this: michelf.com/weblog/2010/markdown-and-xss it doesn't escape XSS by default.

There are no XSS safe client side editors. Even if the editor does not allow you to insert arbitrary HTML, it is trivially easy for someone to bypass the editor and submit arbitrary HTML. The only safe solution is to sanitize the HTML on the server.

Exactly. A better question would be whether supporting only raw markdown posts would give you better protection against XSS (compared to HTML entry), and I think the answer would be yes. – Darien May 31 at 21:11

@Darien: No, you can inline HTML within your markdown, so you would still have to parse the markdown to strip out HTML. – mikerobi May 31 at 21:13

@Darien only raw markdown posts means that the user types **bold text** but it doesn't get converted to bold text, it stays as is and the readers read it as **bold text**? If this is what you mean, I don't think that would be very visually appealing. It does no styling at all, and is kind of pointless. – sameold May 31 at 21:54

What I meant is that you store the eight-character string "**bold**" inside your database, and show it inside text editors, etc. The only time it ever becomes the eleven-character "<b>bold</b>" is at the end when it's being displayed by a view-component. This is in contrast to converting it during input-time and storing the eleven-character version... Because then when the user wants to edit their post, your form-submit now needs to accept symbols and intelligently choose when to escape them, etc. – Darien May 31 at 21:09
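A worked illustration of the two points made in this thread (keep the raw Markdown as the stored form and convert only at display time; inline HTML passes straight through Markdown, so the server must sanitize the rendered HTML before it reaches a browser). This is an added example, not code from the answer or from the linked article; the toy `**bold**` renderer, the allowlist and the function names are assumptions, and a real deployment would use a maintained Markdown library plus a maintained HTML sanitizer in the same arrangement.

```python
import html
import re
from html.parser import HTMLParser

# Allowlist: tag -> attributes permitted on it. Anything not listed is dropped.
ALLOWED = {"b": set(), "strong": set(), "em": set(), "p": set(), "a": {"href"}}
# Only relative links, fragments and http(s) survive; javascript:/data: URLs do not.
SAFE_URL = re.compile(r"^(https?:|/|#)", re.IGNORECASE)


class Sanitizer(HTMLParser):
    """Re-emit only allowlisted tags/attributes; all text is re-escaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:          # e.g. <script>, <img onerror=...> are dropped
            return
        kept = []
        for name, value in attrs:
            if name in ALLOWED[tag] and value is not None:
                if name == "href" and not SAFE_URL.match(value.strip()):
                    continue
                kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data))   # text never becomes markup


def sanitize(fragment):
    s = Sanitizer()
    s.feed(fragment)
    s.close()
    return "".join(s.out)


def render_markdown(src):
    """Toy renderer (assumption): handles only **bold**; like real Markdown
    it leaves inline HTML in the source untouched, which is the XSS problem."""
    return re.sub(r"\*\*(.+?)\*\*", r"<b>\1</b>", src)


def render_for_display(stored_markdown):
    # The database holds the raw markdown; rendering and sanitizing happen here, at view time.
    return sanitize(render_markdown(stored_markdown))
```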
