I'm having trouble finding this because "ColdFusion" and "markup" doesn't tend to find me what I want, so maybe it's easier to just ask -- I'd love to find a CF software package that would let internal users write content entries in some kind of non-HTML markup (like BBcode or Markdown or anything) that a tool could safely process and convert to HTML for rendering. Is there anything like that out there, or am I off-base to be asking for a reason that isn't clear to me?

Nice. Thanks!

There's a load of libs, most of them java - I've used markdownJ in the past and it worked well.

i've used commonmark, and currently use flexmark.

I've been using https://forgebox.io/view/cbmarkdown but that's only for ColdBox applications. It uses flexmark under-the-hood

I appreciate all this. Thanks a ton!

Before Raymond Camden wrote that article, I mentioned to him that Lucee already has this baked in (version 6 +), no need to integrate the Flexmark library. Ray is a brilliant guy no doubt, but my assumption is his article is meant to promote Adobe Coldfusion, and not Lucee. As developers, we often make things complicated when they don't have to be. In Lucee 6.x, it's as simple as this... html = markdownToHtml( markdownString ); Hope that helps!

Oh, I'm using Lucee and that was definitely where I was going to start. Between you and me, I don't care what the answer is as long as I can slap people's hands off embedding tags in their content.

Expect you know this already, but just in case, this won't stop people putting HTML markup in, it provides an alternative, so you'll have to detect HTML and reject it when they create / edit.

With Lucee, HTML will get passed through with no issues.

Yeah, that's what I mean, so you need to escape the HTML if you're doing this for security reasons

Yes, good point

Lucee also has antisamy baked in which can sanitize html

@Asher Densmore-Lynn for cleaning out unwanted markup, use antisamy, owasp java html sanitizer, or jsoup. antisamy covers the most use cases, but is also the most annoying to configure and slowest. imo, they're all worth having available in your toolbox.

And you could consider something like prosemirror or one of its many out of the box derivatives for structured / visual input / output