Most of these things I think are pretty easy to mitigate.
>Allowing arbitrary HTML allows hackers to use your site to impersonate login pages, using your trusted SSL certificate to make the page appear authorized in the browser header.
Make each user have their own custom virtual host (yourname.example.com).
>Allowing arbitrary content allowed hackers to exploit browsers to run arbitrary code and go wild from there with user permissions.
Arbitrary does not mean you can't sanitize it. You can specifically restrict JavaScript, for example.
>Allowing arbitrary HTML mixes poorly with having more than one user doing it on a page.
You don't necessarily need more than one person doing it on a page. Each person can have their own page.
>Allowing arbitrary content to be uploaded and served out means that if you're lucky, you'll go bankrupt serving people pirated movies, and if you're not lucky, you'll go bankrupt and to prison for serving child porn.
You could say the same thing about Facebook. We have the safe harbor act and we have the ability to monitor these systems for misuse.
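
An added example, not part of the comment above: a sketch of what a virtual host per user isolates at the browser level (the origin), the cookie-scoping condition that isolation depends on, and a Content-Security-Policy header that blocks script as a second layer behind sanitization. `example.com` is the placeholder domain from the comment; the usernames and all function names are hypothetical.

```javascript
// Added illustration; example.com, alice and bob are placeholder names.
const BASE_DOMAIN = "example.com";

// Origin as the browser computes it: scheme + host + port. The path is not part of it.
function origin(url) {
  return new URL(url).origin;
}

// Two pages can reach each other's DOM and storage only when their origins match.
function sameOrigin(a, b) {
  return origin(a) === origin(b);
}

// Map a username to its own virtual host, rejecting anything that is not a
// single DNS label (no dots, no leading/trailing hyphen, at most 63 chars).
function userOrigin(username) {
  const label = String(username).toLowerCase();
  if (!/^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/.test(label)) {
    throw new Error("invalid username for a host label: " + username);
  }
  return "https://" + label + "." + BASE_DOMAIN;
}

// Would the browser attach this cookie to a request for `host`?
// A cookie with a Domain attribute matches that domain and every subdomain;
// a host-only cookie (domain === null) matches only the host that set it.
function cookieSentTo(cookie, host) {
  if (cookie.domain === null) return host === cookie.setBy;
  return host === cookie.domain || host.endsWith("." + cookie.domain);
}

// Response headers for user-authored pages: the CSP blocks all script
// execution (inline, external, event handlers) even if sanitization misses something.
function userPageHeaders() {
  return {
    "Content-Security-Policy":
      "default-src 'self'; script-src 'none'; object-src 'none'; base-uri 'none'",
    "X-Content-Type-Options": "nosniff",
  };
}
```

Path-based pages (`example.com/alice`, `example.com/bob`) share one origin, while per-user hosts do not; the session cookie for the main site has to be host-only, because a cookie set with `Domain=example.com` is also sent to every user's subdomain.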
I don't know enough about MDX and JDX that Codeblog seems to allow. Where, in your opinion, does Codeblog land on the spectrum: more on the secure but boring side or on the fun and weird but dangerous side?