Skip to content

No Escaping of HTML #38

Closed
jpillora opened this Issue Dec 8, 2012 · 4 comments

2 participants

@jpillora
jpillora commented Dec 8, 2012

I paste in the snippet:

3 backticks "html"
some html source with script tags
3 backticks

Instead of escaping the html, it puts it in the editor unescaped and gets parsed as HTML and the script loads and it just so happens that it breaks the loading sequence of dillinger, so its all saved instantly in a local cache (i presume), so upon refresh dillinger.io is irreversibly completely broken.

Escaping all HTML would solve this 😄

@joemccann
Owner

Interesting bug in showdown.js, the client side markdown rendering library. If the library marked solves this, then let's switch. Can you verify marked and/or showdown can fix this? It is not dillinger specific.

@jpillora
@joemccann
Owner

I suppose. Fork it and give it a try!

@joemccann
Owner

Fixed with marked library.

@joemccann joemccann closed this Dec 18, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.