textile / php-textile

Textile markup language parser for PHP
https://textile-lang.com

Option to generating references' IDs #147

Closed laicasaane closed 10 years ago

laicasaane commented 10 years ago

Can there be an option to let the authors choose how Textile makes IDs for notes and footnotes?

In my opinion, the notes of notelist should retain the ID that was specified, like [#moon]. Besides, the footnotes should retain the number that was already given, like [1] => id="fn1".

gocom commented 10 years ago

> In my opinion, the notes of notelist should retain the ID that was specified, like [#moon].

That opens up an XSS vector, and because of it, cannot be implemented in restricted mode. As such, the generated markup would be different between modes, which is not really acceptable. The basic language feature implementation can have no security implications.

> Besides, the footnotes should retain the number that was already given, like [1] => id="fn1".

The IDs are intentionally prefixed with a UID to prevent collisions. A page displaying a list of articles would generate invalid HTML and broken footnote reference links. Plus it makes sure your forum isn't injected with malicious IDs that then activate JavaScript handlers in an undesigned fashion.

We can at some point give an option to assign your own unique prefix to the links, but the used input can never be used as the ID/link due to collisions and security. Assigning the prefix can be used to make sure the links get the same ID on each parse.
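
The approach described in the reply above (generated IDs behind a per-document prefix, with the author's label used only as a lookup key) can be sketched as follows. This is an added example, not php-textile code: the class `NoteIdAllocator`, its methods, the `note` prefix format and the document keys are all hypothetical.

```php
<?php
// Added example (requires PHP 7.4+). Not part of php-textile; all names are hypothetical.

final class NoteIdAllocator
{
    private string $prefix;
    private array $ids = [];   // author label => generated id
    private int $next = 1;

    // $documentKey is a stable per-document value chosen by the application
    // (assumption), e.g. an article's database id. Hashing it gives the same
    // prefix, and therefore the same ids, on every parse.
    public function __construct(string $documentKey)
    {
        $this->prefix = 'note' . substr(hash('sha256', $documentKey), 0, 12);
    }

    // The author's label only selects an entry; it is never written to the output.
    public function idFor(string $label): string
    {
        if (!isset($this->ids[$label])) {
            $this->ids[$label] = $this->prefix . '-' . $this->next++;
        }
        return $this->ids[$label];
    }
}

// Constructed input: two articles shown on one listing page that both use
// footnote "1", a label equal to an id the host page might already use, and
// a label containing a quote character.
$articleA = new NoteIdAllocator('article:41');
$articleB = new NoteIdAllocator('article:42');
$cases = [[$articleA, '1'], [$articleB, '1'], [$articleA, 'login-form'], [$articleA, 'moon"quoted']];

foreach ($cases as [$doc, $label]) {
    $id = $doc->idFor($label);
    // Generated ids contain only [a-z0-9-], so they are safe inside an attribute.
    if (preg_match('/^note[0-9a-f]{12}-[0-9]+$/', $id) !== 1) {
        throw new LogicException('unexpected id format');
    }
    printf("%-16s => id=\"%s\"\n", json_encode($label), $id);
}

// Footnote "1" gets a different id in each article, so the ids do not collide.
if ($articleA->idFor('1') === $articleB->idFor('1')) {
    throw new LogicException('ids collided across documents');
}
// Parsing the same document again yields the same ids.
$again = new NoteIdAllocator('article:41');
if ($again->idFor('1') !== $articleA->idFor('1')) {
    throw new LogicException('ids are not stable across parses');
}
```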