details element parsed as string not HTML #2408
Comments
|
I'll investigate, but if this is semi-complicated, we should just remove |
|
On GitHub |
|
Hm.
|
|
Ah, I think it's just being sanitized to a string. Let's see if we can hack it. |
|
Phew. It's basically mixed Github flavoured Markdown with HTML in it. This might be tricky. |
|
Seems like https://github.com/svbergerem/markdown-it-sanitizer is not maintained anymore. I'm currently reaching out to @svbergerem to clarify. Basically |
|
@Regaddi No, the project is not dead. I'm not aware of any bugs and I didn't have enough time to implement new features. I already planned a bigger refactoring in 2016 that would allow adding and removing accepted tags. I just started working on the project again and I'll let you know when there is anything new. |
|
Just to note that markdown allows inline HTML. It's a feature. :) |
Yes, but we use the sanitizer to restrict what's allowed. Lots of scary things can sneak into valid HTML. |
|
@Regaddi showed me a workaround that we could ship until the sanitizer lib is updated, I might have some time to work on that tonight (before he wakes up), since I'm just hanging out at an AirBNB away from my family. |
(probably not happening tonight!) my idea was to essentially create a new file in the
I think that's probably better than forking the sanitizer lib, short-term. |
Fixes #2408 - Allow additional safe HTML tags in sanitized markdown
https://staging.webcompat.com/issues/1489
The text was updated successfully, but these errors were encountered: