Fix html tags in blog post

[ChaseNelson]

Resolves: #16256

Uses CSS to hide the write / preview button container in the markdown editor

[kraktus]

Hey, thanks for the PR! Reading back my comment I see how I could be misread, but we do not want to support arbitrary HTML in blog post due to security/XSS concern. We rather want to disable the preview WYSIWYG editor.

[ChaseNelson]

Hey @kraktus! That make sense. I updated the toast-ui editor styling to hide the write/preview button container, since the editor does not have an option to disable the preview tab.

[kraktus]

Thanks! That's better already, can we just hide HTML rendering in the preview instead of the preview altogether?

[ChaseNelson]

Updated to escape html tags when the preview button is clicked.

https://www.loom.com/share/ab90f5980905400687be3a426ca16b61?sid=e5743dad-9131-4b03-a10a-632c22447251

[ornicar]

I think it's weird that clicking "preview" effectively modifies the text. I would expect a preview to be without side effects.

[kraktus]

I was hoping an option to disable html preview in toastui-editor options, but judging by nhn/tui.editor#679 it does not seem possible and should really be something fixed at this level

[kraktus]

Actually maybe looking at customHTMLSanitizer https://nhn.github.io/tui.editor/latest/ToastUIEditorViewer would be worth it

[ChaseNelson]

The customHTMLSanitizer does not affect the WYSIWYG editor. So if you add an image tag in the Markdown editor and then switch to the WYSIWYG editor the image will appear regardless of whatever filtering the customHTMLSanitizer is doing.