Hacker News
by tracker1 3692 days ago
Been working, slowly but surely, in terms of writing my own blog engine (static generator) and then publishing to gh-pages, but was considering using Disqus for comments... thinking of doing something similar as a Docker-contained service that I can throw up on my Dokku server.

TBH, the thought of managing the attack surface of comments is kind of scary... Will definitely be referring back to this.

1 comment

My approach was to just pump the entire comment through the "markdown-it" markdown processor, which promises to emit safe HTML. It's a popular project, so I'm banking on the fact that they do a good job of sanitizing in their pipeline.