fedwiki / wiki-server

Federated Wiki client and server in Node.js

fix for #93, and trying harder to server render story items #94

Closed paul90 closed 9 years ago

paul90 commented 9 years ago

Rather than pass the whole page to wiki.resolveLinks, which by default will escape the page's HTML, we resolve any links in each story item. We will also extract any text from other story types, rather than just present the story item type. Any links in this text are resolved, and the output sanitized.

WardCunningham commented 9 years ago

Mystery solved. Thanks.

WardCunningham commented 9 years ago

I agree that we have an obligation to escape or sanitize any unknown content we serve. But I'm thinking that escaping is the better choice except for the one case of item.type html.

paul90 commented 9 years ago

Think that is better.
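
The policy discussed in this thread (escape every story item's text, sanitize only `item.type` html, resolve links per item), as an added example that is not wiki-server's code. The item shape, helper names, tag allowlist and slug rule are assumptions, and the escape-then-allowlist sanitizer stands in for whatever sanitizer the project uses.

```javascript
// Added example, not wiki-server code. Names and item shapes are assumptions.
const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => ESC[c]);

// Sanitize by escaping everything, then restoring only attribute-free
// tags from a small allowlist. Anything with attributes stays escaped.
const ALLOWED = ['b', 'i', 'em', 'strong', 'p', 'br', 'ul', 'ol', 'li', 'h3'];
const BARE_TAG = new RegExp(`&lt;(/?)(${ALLOWED.join('|')})&gt;`, 'gi');
const sanitizeHtml = (html) => escapeHtml(html).replace(BARE_TAG, '<$1$2>');

// Slug rule assumed for illustration: only [a-z0-9-] reaches the href.
const asSlug = (title) =>
  title.replace(/\s/g, '-').replace(/[^A-Za-z0-9-]/g, '').toLowerCase();

// Runs on text that is ALREADY escaped or sanitized, so the title it
// copies into the anchor body cannot carry live markup.
function resolveLinks(safeText) {
  return safeText.replace(/\[\[([^\]]+)\]\]/g, (_, title) =>
    `<a class="internal" href="/${asSlug(title)}.html">${title}</a>`);
}

// Per-item rendering: escape by default, sanitize only for type "html".
function renderItem(item) {
  const text = item.text == null ? '' : item.text;
  const body = item.type === 'html' ? sanitizeHtml(text) : escapeHtml(text);
  return `<div class="item ${escapeHtml(item.type)}">${resolveLinks(body)}</div>`;
}

const renderStory = (page) => (page.story || []).map(renderItem).join('\n');

// Constructed sample page, not taken from a real wiki.
const samplePage = {
  title: 'Sample',
  story: [
    { type: 'paragraph', text: 'See [[Welcome Visitors]] <i>now</i>' },
    { type: 'html', text: '<b>ok</b><img src=x onerror=y>' },
    { type: 'unknown-plugin', text: 'a < b & c' },
  ],
};
console.log(renderStory(samplePage));
```

Resolving links after escaping is the ordering that matters here: doing it the other way round would escape the generated anchors along with the item text.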