replacing bbcode with markdown

posted by misterhaan in track7, markdown, bbcode on sep 20, 2016

letting visitors enter text on a website for display on that website means it’s going to be interpreted as html. something should be done with what gets entered to make sure it becomes html in a way that makes sense to visitors and also doesn’t leave the site open to everything html can do. for track7 going forward, that’s markdown.

the two most important factors here are making sure paragraphs are kept separate and preventing malicious visitors from using parts of html that can be dangerous or annoying to other visitors. in the past i’ve used a simple htmlspecialchars() in php to strip out the latter and a replacement of line breaks with an html line break tag for the former. the next step is to open up some of the features of html such as hyperlinks and bold text, which means visitors need a way to specify those things. markdown is my current choice, though my longstanding first method was bbcode.

both markdown and bbcode (along with others including wikitext) provide ways to mark up text with limited formatting. this essentially allows specific uses of a subset of html that prevent things like page redirects and password-snooping scripts. i wrote my own bbcode parser partly because i was active on forums which used bbcode and also because i was writing absolutely everything myself. now i hardly ever use bbcode but i use markdown more and more, so i added parsedown to track7 to parse markdown into html. in addition to my using more markdown than bbcode these days, markdown is easier to read than bbcode because it uses fairly natural formatting while bbcode mostly looks like html with square brackets instead of angle brackets.

writing my own bbcode parser was a good learning experience, but i didn’t feel the need to do it again with markdown. i quickly found parsedown, a fast markdown parser for php which i could easily customize to disable features i didn’t want (i don’t think comments should contain headings). my bbcode parser also had a backward conversion to get back bbcode from html that came out of my bbcode parser, but that didn’t seem to exist for markdown. instead i found recommendations to store the unparsed markdown and parse it into html on the fly when needed for display, since the parser is so fast anyway. i didn’t want to add any unnecessary processing time to display so i chose to store both the parsed html and unparsed markdown side-by-side. displaying would look up html while editing would look up markdown and then update both. existing data would leave the markdown blank and not allow editing which is fine considering how old most of it is anyway.

my latest redesign is focused on how things would work if i first built them now. the switch from bbcode to markdown with a parsing library has been a large technical change but i’m happy with how it works on the updated parts of the site so far.