…escaping everything
I took a wild stab at this - the options for the cleaner may need to be tweaked further, but this seems like a reasonable first attempt.
Discovered this while working on the new RTE, which writes slightly more advanced (and supported) HTML into posts than the old RTE does:
We fully escape all of the content here via LJ::ehtml(): https://github.com/dreamwidth/dw-free/blob/master/htdocs/editjournal.bml#L105-L107
Maybe we should instead strip all tags and just show any textual content, unless that's an empty string, in which case, show the escaped HTML instead.
This is lowish priority, but something should be done before RTE 2.0 comes out of beta...suggestions welcome.
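
A sketch of the strip-tags-with-fallback idea suggested above, as an added example that is not Dreamwidth's code; it is written in Python rather than the project's Perl, and the names `preview` and `limit` are hypothetical. It shows that the extracted text still has to be escaped, because entity-encoded markup in the post decodes back into angle brackets once the tags are stripped.

```python
import html
from html.parser import HTMLParser


class _TextOnly(HTMLParser):
    """Collects text nodes, dropping tags and the bodies of script/style."""

    SKIP = {"script", "style"}

    def __init__(self):
        # convert_charrefs=True decodes &lt; &amp; etc. into plain characters
        super().__init__(convert_charrefs=True)
        self.parts = []
        self._skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip_depth += 1

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        if not self._skip_depth:
            self.parts.append(data)


def preview(raw_html, limit=100):
    """Return an HTML-safe one-line summary of a post body.

    Hypothetical helper: shows the post's text content, or the escaped
    markup when the post has no text at all (for example, only an image).
    """
    parser = _TextOnly()
    parser.feed(raw_html)
    parser.close()
    # Collapse runs of whitespace left behind by removed tags.
    text = " ".join("".join(parser.parts).split())
    if not text:
        text = raw_html  # fallback: nothing readable, show the markup itself
    # Truncate before escaping so an entity is never cut in half, and escape
    # in both branches: decoded text can contain '<' that came from '&lt;'.
    return html.escape(text[:limit], quote=True)
```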