[lopatin]

So many rich text formats? Ridiculous! We need to develop one universal standard that covers everyone's use cases.

[j] https://xkcd.com/927/

[egeozcan]

I never said anything about text formats though. Go crazy as the input, give me HTML as the output. I can sanitize it any way I want on the server-side anyway.

[ta1636467]

Sanitize when rendering the HTML, all other paths lead to hell.

I agree with granddaddy, the web just didnt cater for this with all the XSS, XSRF etc shennigans.

We're left with everyone implementing hacks, or in some cases, getting it right. Mud pie. Slap on an extra dollop.

[egeozcan]

> Sanitize when rendering the HTML, all other paths lead to hell

I didn't mean mangle user input when storing. I mean you can do that if you want to parse it and store it as a semantic subset to deliver to the devices that can't render HTML (yes they exist), but I digress.

You can sanitize any piece of HTML to a meaningful subset when rendering (well, before render, if you are doing on the server-side) with virtually any language by choosing among many solid libraries.