Open
Labels: enhancement (New feature or request)
Description
Right now we are trusting that users who can access the admin site to create content will not do anything malicious. The current behavior allows users to input <script> tags into their content which could lead to all sorts of XSS attacks. This issue will become especially concerning if we expand to allow user comments or anything like that.
The workaround is to use something like bleach to remove any HTML tags in the rendered output that aren't on a whitelist. Because of the extra work rendering will take, it might be smart to start storing the rendered version of a post in the database and recomputing it if the markdown content changes.
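The two pieces the issue proposes, an allowlist sanitizer over the rendered HTML and a cached rendered copy that is recomputed when the markdown changes, as an added example that is not code from the issue or the project. It uses only the Python standard library (`html.parser` in place of bleach, so it runs without extra packages); `naive_render_markdown` is a constructed stand-in for a real markdown renderer that, like real ones, passes inline HTML through, and `Post`, `AllowlistSanitizer`, `sanitize_html` and `get_rendered_html` are hypothetical names chosen for this example.

```python
"""Allowlist HTML sanitizer plus a rendered-HTML cache for markdown posts.

Example code, not part of the project. Mirrors bleach's model: keep only
allowlisted tags/attributes, drop everything else, and refuse dangerous
URL schemes on href.
"""
import hashlib
import html
from dataclasses import dataclass
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_TAGS = {"p", "br", "a", "em", "strong", "code", "pre", "ul", "ol",
                "li", "h1", "h2", "h3", "blockquote"}
ALLOWED_ATTRS = {"a": {"href", "title"}}      # no on*, style, src, ...
ALLOWED_URL_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"br"}
DROP_CONTENT_TAGS = {"script", "style"}       # body removed, not just the tags


def _safe_url(value):
    """Return the URL if its scheme is allowed (or relative), else None."""
    # Strip control characters attackers use to smuggle "java\nscript:".
    cleaned = "".join(ch for ch in value if ord(ch) >= 0x20).strip()
    scheme = urlsplit(cleaned).scheme.lower()
    return cleaned if scheme == "" or scheme in ALLOWED_URL_SCHEMES else None


class AllowlistSanitizer(HTMLParser):
    """Re-serialises HTML keeping only allowlisted tags and attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []          # output fragments
        self.open_tags = []    # allowed tags currently open, for balancing
        self.drop_depth = 0    # >0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self.drop_depth += 1
            return
        if self.drop_depth or tag not in ALLOWED_TAGS:
            return  # tag dropped; its text still flows through handle_data
        parts = [tag]
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            value = value or ""
            if name == "href":
                value = _safe_url(value)
                if value is None:
                    continue  # javascript:, data:, vbscript: ... are dropped
            parts.append(f'{name}="{html.escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + ">")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self.drop_depth = max(0, self.drop_depth - 1)
            return
        if self.drop_depth or tag not in self.open_tags:
            return
        # Close everything opened after it so the output stays balanced.
        while self.open_tags:
            opened = self.open_tags.pop()
            self.out.append(f"</{opened}>")
            if opened == tag:
                break

    def handle_data(self, data):
        if not self.drop_depth:
            # Text is re-escaped, so "&lt;script&gt;" stays inert.
            self.out.append(html.escape(data, quote=False))

    def close(self):
        super().close()
        while self.open_tags:          # close anything left dangling
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_html(rendered):
    parser = AllowlistSanitizer()
    parser.feed(rendered)
    return parser.close()


def naive_render_markdown(text):
    """Constructed stand-in for a markdown library: wraps paragraphs in <p>
    and, like real markdown renderers, passes inline HTML through untouched."""
    return "".join(f"<p>{para.strip()}</p>"
                   for para in text.split("\n\n") if para.strip())


def content_hash(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


@dataclass
class Post:
    markdown: str
    rendered_html: str = ""
    rendered_for: str = ""   # hash of the markdown the cached HTML came from


def get_rendered_html(post, render_markdown):
    """Return sanitized HTML, re-rendering only when the markdown changed."""
    digest = content_hash(post.markdown)
    if post.rendered_for != digest:
        post.rendered_html = sanitize_html(render_markdown(post.markdown))
        post.rendered_for = digest
    return post.rendered_html


# Constructed malicious post: script tag, javascript: link, event handler.
MALICIOUS = ('Hello\n\n<script>alert(document.cookie)</script>\n\n'
             '<a href="javascript:alert(1)" onclick="x()">link</a>')

if __name__ == "__main__":
    print(naive_render_markdown(MALICIOUS))            # script survives
    print(get_rendered_html(Post(MALICIOUS), naive_render_markdown))
```

Storing `rendered_for` alongside `rendered_html` is what makes the cache safe to trust: the hash is of the source markdown, so a post edited through any path (admin, import, migration) is re-rendered and re-sanitized on the next read, and sanitization happens before the HTML is stored rather than at template time.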