by kijin
703 days ago
Markdown sources can contain HTML, which most parsers will gladly spit back out unescaped unless it's wrapped in a code block. I would much rather trust a sanitizer library written by someone who knows about security, than trust a Markdown parser that was never intended for that kind of role. I've built apps that ingest Markdown, and I always pipe the parser's output to a proper sanitizer. Using an iframe is a clever workaround, but good luck convincing Google et al. to treat the contents of that iframe as part of the page you want indexed.
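The pipeline stage described in the comment above, as an added example that is not part of the original comment: rendered Markdown output passes through an allowlist sanitizer before it reaches the page. The names (`sanitize`, `safe_url`, `AllowlistSanitizer`), the allowlists and the sample input are assumptions made for illustration; it uses only the Python standard library so it runs offline, and a deployed app would put a maintained sanitizer library in this position.

```python
import re
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "em", "strong", "code", "pre", "a", "ul", "ol", "li", "blockquote", "br"}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
DROP_WITH_CONTENT = {"script", "style", "iframe"}  # discard the element and its body
SCHEME = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.\-]*):")

def safe_url(href):
    # Browsers ignore tabs/newlines inside a URL, so strip them before checking.
    cleaned = "".join(ch for ch in href if ch > " ")
    m = SCHEME.match(cleaned)
    return m is None or m.group(1).lower() in ALLOWED_SCHEMES  # no scheme = relative

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0  # skip > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            href = dict(attrs).get("href") or ""
            keep = tag == "a" and href and safe_url(href)
            attr = f' href="{escape(href, quote=True)}"' if keep else ""
            self.out.append(f"<{tag}{attr}>")  # every other attribute is dropped

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))  # text is re-escaped

def sanitize(rendered_html):
    parser = AllowlistSanitizer()
    parser.feed(rendered_html)
    parser.close()
    return "".join(parser.out)

# Constructed sample: what a permissive Markdown parser returns for hostile input.
RENDERED = ('<p>Hi <em>there</em> <img src=x onerror="alert(1)"></p>'
            '<script>alert(2)</script><p><a href="javascript:alert(3)">bad</a> '
            '<a href="https://example.com/" onclick="x()">good</a></p>')
```

Tags outside the allowlist are removed while their text is kept, except for the elements in `DROP_WITH_CONTENT`, whose bodies are discarded as well.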