Home/ Questions/Q 955989
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T00:28:25+00:00

I have a requirement for users to create, modify and delete their own articles.

  • 0

I have a requirement for users to create, modify and delete their own articles. I plan on using the WMD editor that SO uses to create the articles.

From what I can gather SO stores the markdown and the HTML. Why does it do this – what is the benefit?

I can’t decide whether to store the markdown, HTML or both. If I store both which one do I retrieve and convert to display to the user.

UPDATE:

Ok, I think from the answers so far, i should be storing both the markdown and HTML. That seems cool. I have also been reading a blog post from Jeff regarding XSS exploits. Because the WMD editor allows you to input any HTML this could cause me some headaches.

The blog post in question is here. I am guessing that I will have to follow the same approach as SO – and sanitize the input on the server side.

Is the sanitize code that SO uses available as Open Source or will I have to start this from scratch?

Any help would be much appreciated.

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Storing both is extremely useful/helpful in terms of performance and compatiblity (and eventually also social control).

    If you store only Markdown (or whatever non-HTML markup), then there’s a performance cost by parsing it into HTML flavor everytime. This is not always noticeably cheap.

    If you store only HTML, then you’ll risk that bugs are silently creeping in the generated HTML. This would lead to lot of maintenance and bugfixing headache. You’ll also lose social control because you don’t know anymore what the user has actually filled in. You’d for example as being an admin also like to know which users are trying to do XSS using <script> and so on. Also, the enduser won’t be able to edit the data in Markdown format. You’d need to convert it back from HTML.

    To update the HTML on every change of Markdown version, you just add one extra field representing the Markdown version being used for generating the HTML output. Whenever this has been changed in the server side at the moment you retrieve the row, re-parse the data using the new version and update the row in the DB. This is only an one-time extra cost.

    • 0