No Escaping of HTML

[jpillora]

I paste in the snippet:

3 backticks "html"
some html source with script tags
3 backticks

Instead of escaping the html, it puts it in the editor unescaped and gets parsed as HTML and the script loads and it just so happens that it breaks the loading sequence of dillinger, so its all saved instantly in a local cache (i presume), so upon refresh dillinger.io is irreversibly completely broken.

Escaping all HTML would solve this 😄

[joemccann]

Interesting bug in showdown.js, the client side markdown rendering library. If the library marked solves this, then let's switch. Can you verify marked and/or showdown can fix this? It is not dillinger specific.

[jpillora]

Could you just HTML encode all text before mark downing it ? Try using:

$('

').text(value).html();

On Saturday, January 5, 2013, Joe McCann wrote:

Interesting bug in showdown.js, the client side markdown rendering
library. If the library marked solves this, then let's switch. Can you
verify marked and/or showdown can fix this? It is not dillinger specific.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/38#issuecomment-11884357.

[joemccann]

I suppose. Fork it and give it a try!

[joemccann]

Fixed with marked library.