- Subject: Re: [ANN] lua-users.org alternative wiki demo
- From: Petite Abeille <petite_abeille@...>
- Date: Wed, 20 Feb 2008 22:16:11 +0100
On Feb 20, 2008, at 9:58 PM, Bertrand Mansion wrote:
The question is more what is markdown not supporting that you might
need later?
Does your markdown version support html tables, definition lists,
footnotes, anchors?
Some markdown implementations do. Still HTML tables are usually a
pain to make.
Nanoki uses Niklas Frykholm's markdown.lua implementation:
http://www.frykholm.se/files/markdown.lua
One could turn it into a 'safe' version (e.g. no HTML tag whatsoever)
by changing line 810 to something like 't = encode_code( t )'... this
would effectively escape any HTML tag... only leaving the Markdown
syntax unaffected...
I think that you are underestimating the problem. What people see is
rendered html, not the code behind it. So someone could use the wiki
to prepare an attack against another site, for free and with Lua
blessings since the info would be hosted on a well known lua site.
Hmmm... will turn off free form HTML for the moment... better safe
than sorry :)
This would indeed solve one part of the problem. Another cleaner
solution consists in escaping special html characters (also in links
urls).
For example, you should make sure that this markdown:
[click here](http://example.com/?url=">)
is translated to:
<a href="http://example.com/?url=&quot;&gt;">click here</a>
and not
<a href="http://example.com/?url=">">click here</a>
otherwise, you are prone to XSS attacks and things related.
<p><a href="http://example.com/?url="">click here</a> </p>
http://nanoki.luaquiz.com:1080/code
Is it what you meant?
I am not an expert at these technologies, I just thought Fastcgi+a
robust http server would be more efficient if the wiki gets lots of
traffic. I don't know how your HTTP server works in this regard,
though.
Very much like any HTTP server:
http://www.polimetrix.com/pycon/slides/
Any of those configurations are possible.
Which solution would you choose for the Lua wiki given that it might
have growing needs/hits, and why ?
The demo runs behind nginx as a cluster of 4 instances. It's rather
trivial to scale up if necessary: add more instances :)
Cheers,
PA.
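
The link-escaping point discussed in this thread, as an added Lua example that is not part of the original message and not code from markdown.lua or Nanoki. The function names `escape_html` and `render_links` are hypothetical, the link pattern is deliberately minimal, and the second sample input is constructed.

```lua
-- Added example: hypothetical helpers, not markdown.lua's API.

-- Characters that are special in HTML text and in quoted attribute values.
local HTML_ENTITIES = {
  ["&"] = "&amp;", ["<"] = "&lt;", [">"] = "&gt;",
  ['"'] = "&quot;", ["'"] = "&#39;",
}

-- One pass over the input, so the '&' of an entity we just wrote
-- is never escaped a second time.
local function escape_html(s)
  return (s:gsub("[&<>\"']", HTML_ENTITIES))
end

-- Render every inline link [text](url) found in a line of Markdown.
-- escape == false: text and URL are pasted into the tag verbatim.
-- escape == true : both pass through escape_html before output.
local function render_links(line, escape)
  local f = escape and escape_html or function(s) return s end
  return (line:gsub("%[(.-)%]%((.-)%)", function(text, url)
    return '<a href="' .. f(url) .. '">' .. f(text) .. '</a>'
  end))
end

-- The link quoted in the thread.
local sample = '[click here](http://example.com/?url=">)'
-- Constructed input: an ordinary URL with two query parameters.
local query = '[search](http://example.com/?a=1&b=2)'

local unsafe = render_links(sample, false)
local safe = render_links(sample, true)

print(unsafe)
print(safe)
print(render_links(query, true))

-- Without escaping, the quote in the URL ends the href attribute early.
assert(unsafe == '<a href="http://example.com/?url=">">click here</a>')
-- With escaping, the whole URL stays inside the attribute value.
assert(safe == '<a href="http://example.com/?url=&quot;&gt;">click here</a>')
-- A plain '&' in a query string is escaped too and still decodes correctly.
assert(render_links(query, true) ==
  '<a href="http://example.com/?a=1&amp;b=2">search</a>')
```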