I use Markdown for user content, this is passed through a Go library I wrote to ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		buro9 on June 12, 2015 \| parent \| context \| favorite \| on: Securing access to Wikimedia sites with HTTPS by d... I use Markdown for user content, this is passed through a Go library I wrote to strip out iframes, embeds, etc... https://github.com/microcosm-cc/bluemonday and then as a post-processing task once I trust the content, I find the links that I know how to handle (YouTube, Bikely, etc) and embed third party content in iframes. This is basically a way to do the equivalent of Twitter cards, it respects the JavaScript and web security model, but does mean that the iframes contain http content on a page that is https Where I'm trying to get to is to have all iframes, etc be https

JoshTriplett on June 12, 2015 [–]

> I find the links that I know how to handle (YouTube, Bikely, etc) and embed third party content in iframes.

Ah, that makes sense. From your previous comment, I didn't realize you were recognizing and explicitly handling sites like Bikely.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact