
Fix markdown blockquote preview difference #1245

Merged
merged 4 commits into from
Feb 21, 2024

Conversation

nknguyenhc (Contributor)

Summary:

Fixes #1214

Changes Made:

To elaborate on the issue, the preview blockquote does not render if there is any HTML element in the source string. This is because in that case, all closing brackets `>` are changed to `&gt;`.

To fix this, I remove the sanitisation by DOMPurify. As mentioned in #1214, ngx-markdown sanitises content by default, hence there is no need to sanitise again using DOMPurify. Furthermore, DOMPurify does not consider markdown syntax in sanitisation.

I have checked the examples given by DOMPurify; malicious content is also removed by the sanitisation from ngx-markdown. The following content:

> quote stops working in preview???

> quote with &lt;br/&gt; <br/> 
> new quote

> another quote like `this`

<div>For example</div>

<script>console.log("hello")</script>

Hello, test <code>D<sub>SA</sub></code>

<p>abc<iframe src="https://www.youtube.com/embed/sUtJHqzU9dc" allowfullscreen="" title="Youtube intro video"></iframe></p>

<TABLE><tr><td>HELLO</tr></TABL>

<UL><li><A HREF=//google.com>click</UL>

is rendered as

[screenshot: the content above rendered in CATcher's preview]

Notice that the script and the iframe tags are removed from the rendered HTML, and the broken tags are properly rendered.

This closely matches the rendering on GitHub:

[screenshot: the same content rendered on GitHub]

The only difference is that the sanitised strings are rendered as literal strings on GitHub, while removed in CATcher. However, given the purpose of CATcher, I believe there is no need for rendering malicious HTML elements as literal strings.

Proposed Commit Message:

Fix markdown blockquote preview difference

Due to DOMPurify, the content used for preview is different.
However, given that ngx-markdown already has sufficient sanitisation
by default, we remove sanitisation by DOMPurify.
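Added example (not code from CATcher, DOMPurify or ngx-markdown) showing the ordering problem behind this PR: an HTML sanitiser serialises text nodes, so a Markdown blockquote marker `>` in the source comes back as `&gt;` and the Markdown parser never sees it, whereas running the same sanitiser on the parser's output keeps the blockquote and still drops `<script>` and `<iframe>`. `htmlSanitize` and `markdownToHtml` are deliberately small stand-ins for DOMPurify and marked, and `SAMPLE` is constructed from the content in the description; none of these names exist in the project. ngx-markdown applies Angular's DomSanitizer to marked's output, not to its input, which is why its default sanitisation does not hit this problem. One check worth making when merging: after this change ngx-markdown is the only sanitiser left, so the project's `MarkdownModule.forRoot(...)` config must not set `sanitize: SecurityContext.NONE`.

```javascript
// Added example (not CATcher's, DOMPurify's or ngx-markdown's code). It models the
// two pipelines discussed in the PR with deliberately tiny stand-ins:
//   htmlSanitize   - an allow-list HTML sanitiser that, like a DOM serialiser,
//                    re-encodes a bare ">" in text as "&gt;"
//   markdownToHtml - a renderer that knows only ">" blockquotes and paragraphs,
//                    passing inline HTML through as GitHub-flavoured Markdown does
// All names and the sample input are constructed for this example.

const ALLOWED_TAGS = new Set(['p', 'blockquote', 'br', 'code', 'sub', 'em', 'strong']);

// Allow-list HTML sanitiser: drop <script>/<iframe> with their bodies, drop any
// tag not on the allow-list, strip all attributes, re-encode ">" in text nodes.
function htmlSanitize(html) {
  let out = html.replace(/<(script|iframe)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, '');
  out = out.replace(/<(script|iframe)\b[^>]*\/?>/gi, '');
  // Split into alternating text / tag tokens (odd indices are tags).
  return out.split(/(<\/?[a-zA-Z][^<>]*>)/).map((tok, i) => {
    if (i % 2 === 1) {
      const m = /^<(\/?)([a-zA-Z][a-zA-Z0-9]*)/.exec(tok);
      const name = m[2].toLowerCase();
      return ALLOWED_TAGS.has(name) ? `<${m[1]}${name}>` : '';
    }
    // Text node: serialising it turns the Markdown blockquote marker into &gt;.
    return tok.replace(/>/g, '&gt;');
  }).join('');
}

// Minimal Markdown renderer: consecutive lines starting with ">" form one
// blockquote, other non-blank lines form paragraphs, blank lines separate blocks.
function markdownToHtml(md) {
  const blocks = [];
  let quote = [];
  let para = [];
  const flush = () => {
    if (quote.length) {
      blocks.push(`<blockquote><p>${quote.join('\n')}</p></blockquote>`);
      quote = [];
    }
    if (para.length) {
      blocks.push(`<p>${para.join('\n')}</p>`);
      para = [];
    }
  };
  for (const line of md.split('\n')) {
    const q = /^>\s?(.*)$/.exec(line);
    if (q) {
      if (para.length) flush();
      quote.push(q[1]);
    } else if (line.trim() === '') {
      flush();
    } else {
      if (quote.length) flush();
      para.push(line);
    }
  }
  flush();
  return blocks.join('\n');
}

// Pipeline CATcher had before this PR: sanitise the Markdown source, then parse.
function sanitizeThenParse(md) {
  return markdownToHtml(htmlSanitize(md));
}

// Sanitiser applied to the parser's output instead: the only place an HTML
// sanitiser can sit without destroying Markdown syntax.
function parseThenSanitize(md) {
  return htmlSanitize(markdownToHtml(md));
}

// Constructed input, modelled on the sample in the PR description.
const SAMPLE = [
  '> quote with <br/>',
  '> new quote',
  '',
  '<script>console.log("hello")</script>',
  '',
  'Hello <code>D<sub>SA</sub></code>',
].join('\n');

console.log('sanitise, then parse:\n' + sanitizeThenParse(SAMPLE) + '\n');
console.log('parse, then sanitise:\n' + parseThenSanitize(SAMPLE));
```

Run with `node`. The first output contains no `<blockquote>` and starts with `&gt; quote`, which is exactly the preview breakage reported in #1214; the second keeps the blockquote, drops the script element entirely, and keeps the allowed inline tags. Disallowed tags such as `<A HREF=...>` are dropped while their text survives, matching what the description reports for ngx-markdown.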

@cheehongw cheehongw (Contributor) left a comment

LGTM

Can you check if the DOMPurify library is used anywhere else? If not, it should be safe to remove it from package.json as well.

@nknguyenhc (Contributor, Author)

I have checked, DOMPurify is no longer used. I have removed it from package.json.

@nknguyenhc nknguyenhc merged commit 944a424 into CATcher-org:master Feb 21, 2024
4 of 5 checks passed
vigneshsankariyer1234567890 added a commit that referenced this pull request Mar 4, 2024
* Fix broken duplicate link (#1233)

Fix the broken link of a duplicate issue

Currently, the user cannot open the link to a duplicate issue
when opening an issue, as described in #1228.

The links now work as expected.

* Add whitespace validation (#1237)

* Add whitespace validation

* Update whitespace validation for new issue

* Update whitespace validation for title of new issues

* Update whitespace validation for title of new issues

* Move validators into core

* Update import order

---------

Co-authored-by: Misra Aditya <e1096355@u.nus.edu>

* Fix uncaught errors when attempting to access an invalid route

There is an uncaught error when users click on an invalid internal link in Markdown or enter an invalid link in the browser.

Internal links are unlikely to be used for bug reporting and are more likely to be invalid.

Let's show an error toaster and stop the navigation when clicking on an internal link in Markdown. Also, redirect users to the login page if they enter an invalid link in the browser.

* Set default branch to `main`

Previously, image uploads depended on the user's default branch.
Now, we set the branch for image upload to be `main`. Images will
be uploaded to `main` as a result.

---------

Co-authored-by: Chee Hong <c.h.wong2606@gmail.com>

* Preserve linebreaks (#1241)

With preserving linebreaks, subset list items are rendered as a list,
and paragraph rendering is the same as GitHub.

* Faulty list view when back navigating (#1243)

Issue table settings such as page index are not
saved when table is re-mounted.

This behavior inconveniences users as their settings
are reset every time they navigate to a specific issue and back.

Let's lift up the table settings of each mounted table to 
a service which the tables pull from when mounted.

* Upgrade to Angular 12 (#1242)

Some of our packages are old and outdated. We should actively maintain 
and keep these packages up-to-date so it is easier to maintain in the 
future.

Let's upgrade to Angular 12 to keep our packages up-to-date.

* Fix markdown blockquote preview difference (#1245)

Due to DOMPurify, the content used for preview is different.
However, given that ngx-markdown already has sufficient sanitisation
by default, we remove sanitisation by DOMPurify.

* Create release for v3.5.3

---------

Co-authored-by: Nguyen <87511888+nknguyenhc@users.noreply.github.com>
Co-authored-by: AdityaMisra <114080910+MadLamprey@users.noreply.github.com>
Co-authored-by: Misra Aditya <e1096355@u.nus.edu>
Co-authored-by: NereusWB922 <107099783+NereusWB922@users.noreply.github.com>
Co-authored-by: Chee Hong <c.h.wong2606@gmail.com>
Co-authored-by: Arif Khalid <88131400+Arif-Khalid@users.noreply.github.com>
Successfully merging this pull request may close these issues.

Markdown preview and actual content may differ