You have a basic website ready. You can push new updates in seconds. It's time to add new features now.
The plain text posts are not very pretty. We should be able to add links and basic styling such as bold text.
- Add ability to insert links and bold text in the posts.
- Sanitize the input to ensure users can't insert malicious HTML content such as JavaScript.
- Sanitize the input at server level too.
- Docs on contenteditable
- About XSS attacks with doable examples
- XSS protection in Django
- Try to avoid using any JS library and write your own component for rich text editing. Use Trix only if it becomes too hard to do it yourself.
- Bleach
- At what levels should we sanitize the content? Should we sanitize the output too?
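As an added example (not part of the original task list, and not Bleach's own code), here is a small allow-list sanitizer built only on Python's standard library. It shows the approach the "Bleach" item refers to: keep a fixed set of tags and attributes, drop everything else while preserving its text, and accept only `http`, `https` and `mailto` links so a `javascript:` href is removed. The tag and attribute sets, and the function name `sanitize`, are choices made for this example; in the real app you would call Bleach with an equivalent allow-list from the form's clean method, and the same function is the natural hook if you decide to sanitize on output as well.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allow-list constructed for this example: tags a post may keep, the
# attributes each tag may keep, and the URL schemes a link may use.
ALLOWED_TAGS = {"b", "strong", "i", "em", "a", "p", "br"}
ALLOWED_ATTRS = {"a": {"href"}}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"br"}


def _safe_href(value):
    """Return the href if its scheme is allow-listed (or relative), else None."""
    if value is None:
        return None
    # Browsers ignore tabs/newlines inside URLs, so "java\nscript:" would still
    # run; strip control characters before looking at the scheme.
    value = "".join(c for c in value.strip() if ord(c) >= 0x20)
    scheme = urlparse(value).scheme.lower()
    if scheme == "" or scheme in ALLOWED_SCHEMES:
        return value
    return None  # e.g. javascript:, data:, vbscript: are dropped


class _Sanitizer(HTMLParser):
    """Re-emits only allow-listed markup; all text is HTML-escaped on the way out."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []  # stack of allowed tags we have emitted

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # drop the tag itself; its text still arrives via handle_data
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops onclick, style, src, etc.
            if name == "href":
                value = _safe_href(value)
            if value is None:
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        if tag in VOID_TAGS:
            self.out.append(f"<{tag}>")
            return
        self.out.append(f"<{tag}{''.join(kept)}>")
        self.open_tags.append(tag)

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if tag in self.open_tags:
            # Close everything up to and including this tag so nesting stays well-formed.
            while self.open_tags:
                t = self.open_tags.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break

    def handle_data(self, data):
        # Entities were decoded by the parser; re-escape so text is never markup.
        self.out.append(escape(data, quote=False))

    def handle_comment(self, data):
        pass  # comments are dropped entirely

    def result(self):
        while self.open_tags:  # close tags the user left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize(html):
    """Return a version of `html` containing only allow-listed tags and attributes."""
    parser = _Sanitizer()
    parser.feed(html)
    parser.close()
    return parser.result()


if __name__ == "__main__":
    # Constructed sample post: bold text and a link survive, script and event handlers do not.
    sample = '<b>Hi</b> <a href="https://example.com" onclick="x()">site</a><script>alert(1)</script>'
    print(sanitize(sample))
```

Run the module directly to see the sample post before and after; the checks worth keeping in your test suite are that a `javascript:` href disappears, that unknown tags are removed while their text is kept, and that an unclosed `<b>` is closed rather than leaking into the rest of the page.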