python - Markdown编辑器服务器处理最佳实践

Question

在自己的工程中使用了开源的EpicEditor，一种Markdown编辑器。但是从Markdown编辑器获取的内容在保持到MySQL数据库之前，应该要做一些过滤动作吧。比如引用第三方资源（JS/CSS/iframe），标签转义，避免SQL注入攻击等。

是否有最佳实践？是否有开源的组件可用？

怪我咯 · Answer

I haven’t found any open source components, but a brief discussion on this issue can be found here. To prevent xss
sql injection, you should use strict input filtering, advanced database connection classes, and ORM to prevent it.

怪我咯 · Answer

I have never used this open source editor. I don’t know whether the content you send to the server is markdown syntax content or markdown-translated html.
For the latter, you can use Bleach to clean html tags
for example:

allowed_tags = ['a', 'p', 'ul', 'li', 'h1']
new_html = bleach.linkify(bleach.clean(u"value html string",tags=allowed_tags, strip=True))

Portal: http://bleach.readthedocs.io/...

Php8, I'm coming too

Learn website layout in 30 minutes

Shangguan Oracle Beginner to Proficient Video Tutorial

Your first line of UNI-APP code

Flutter from scratch to app launch

Brother Lian New Linux Video Tutorial

AXURE 9 Video Tutorial (Suitable for Product Manager Interactive Product Design UI)

Zero Basic Proficiency PS Video Tutorial

16 day UI video tutorial to get you started

PS Techniques and Slicing Techniques Video Tutorial

Alibaba Cloud Environment Construction and Project Launch Video Tutorial

Overview of Computer Networks - Basic Knowledge that Programmers Must Master

Essential Tutorial for Programmers - HTTP Protocol Explanation

Websocket Video Tutorial