tardisx
commented
13 years ago Current state is markdown, any arbitrary HTML is escaped. This still lets users cut sick with large headings and the like.
However keep in mind that comments are moderated...
Current defaults to markdown.
If we leave that we probably have to limit the tags used - ie it's bad to let them use <h1> and arbitrary HTML is probably also passed through...
Maybe it should be just plain text, at least in the beginning. Then we just replace each \n\n with <p>. Also encode using Mojo's encoding to fix html entities and the like.