I'm looking at using WMD in my project instead of my existing RadEditor. I have been reading a few posts on how to store and retrieve the data, and I want to make sure I have the concept correct before proceeding.
If my research is correct, here is what I should be doing.
- I should store the editor data twice (Once as HTML and once as Markdown)
- I should run the HTML through a Whitelist before storing it.
- I should run the HTML through AntiXSS on the way out (before displaying)
- I should use the Markdown data ONLY to repopulate Markdown for editing.
Can anyone confirm or deny if this is correct, and also add any useful input on the subject?
References
Reformat my code: Sanitize Html
StackOverflow: how do you store the markdown using wmd in asp net
StackOverflow: sanitize html before storing in the db or before rendering antixss library
StackOverflow: store html entities in database or convert when retrieved