I’ve created a shard for sanitizing HTML (or XML) documents or fragments. If you have a web application that renders untrusted HTML you should make sure to have a sanitizer to prevent XSS attacks and other potentially harmful doings. That includes rendering markdown.
Since this is a very typical application, there’s a dedicated example of how to integrate with Crystal’s most popular Markdown shard.
I’m hoping to receive some reviews on this shard. This is quite a serious matter for production apps. So I’d appreciate anyone looking into it. Please try to break it =)
Besides having a solid filtering mechanism, a key component is to provide good defaults for common use cases. That’s where the different standard configurations come into play. Do they make sense for your use cases?