After <, all the text is hidden


(Paolo G. Giarrusso) #21

That seems dangerous, and I think the linked thread discusses such solutions.

But I’m not typing HTML here, so what I type shouldn’t be sanitized directly; you want to do this escaping before or while producing HTML. After all, if an HTML producer is producing invalid HTML (which seems to be the case), that’s a bug of the HTML producer, and sanitize is only doing damage control.

As a demonstration, according to that thread, sanitize is used by GitHub, yet GitHub doesn’t have this bug.

As in “preview uses no sanitizing” or “it uses JavaScript client-side sanitizing, and it’s a separate implementation”?
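
The distinction drawn in the post above (escape while producing HTML, rather than relying on a sanitizer afterwards), as an added example that is not part of the original thread. `toySanitize` is a hypothetical, deliberately lenient tag stripper written for this illustration; it is not the sanitize library or the forum's code, and the sample strings are constructed.

```javascript
// Constructed sample: plain text a user typed, not HTML.
const SAMPLE = "x < 1 and the rest of the sentence";

// Hypothetical lenient tag stripper: every "<" is taken as the start of a
// tag and everything up to the next ">" is dropped with it.
function toySanitize(html) {
  let out = "";
  let i = 0;
  while (i < html.length) {
    if (html[i] === "<") {
      const close = html.indexOf(">", i);
      if (close === -1) break; // unterminated "tag": the rest is swallowed
      i = close + 1;
    } else {
      out += html[i++];
    }
  }
  return out;
}

// Escape text for an HTML text node. "&" goes first so the entities
// produced by the later replacements are not escaped a second time.
function escapeText(text) {
  return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Buggy producer: copies user text into the markup unescaped.
function renderBuggy(text) { return "<p>" + text + "</p>"; }

// Fixed producer: escapes while producing HTML.
function renderFixed(text) { return "<p>" + escapeText(text) + "</p>"; }

// Decode the three entities the way a browser would for display.
// "&amp;" is decoded last so "&amp;lt;" ends up as "&lt;", not "<".
function decodeText(s) {
  return s.replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&amp;/g, "&");
}

// What a reader ends up seeing after sanitizing and rendering.
function visibleText(html) { return decodeText(toySanitize(html)); }

console.log(JSON.stringify(visibleText(renderBuggy(SAMPLE)))); // text after "<" is gone
console.log(JSON.stringify(visibleText(renderFixed(SAMPLE)))); // full text survives
```

With the unescaped producer, the stray `<` pairs up with the `>` of the closing `</p>`, so the sanitizer removes the remainder of the paragraph; `x > 1` passes through either producer unchanged.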


(Jeff Atwood) #22

x > 1

should work

x < 1

should also work (and now does!)


(Jeff Atwood) #23