Strange HTML parsing #709

Closed
JanPlusPlus opened this Issue Aug 6, 2018 · 0 comments


JanPlusPlus commented Aug 6, 2018

Operating system

  • Windows

Application

  • Desktop

In browser HTML the text &lt;br&gt; expands to <br>, but in Joplin it unexpectedly becomes a line break (even \<br\> expands to a line break).

Things are similar in code mode:

  • &lt;br&gt; gets &lt;br&gt;
  • <br> gets a line break
  • \<br\> gets \<br\>

For me, the only workaround to print a <br> seems to be <`br`>, but this solution toggles between code and normal mode.

Also, the specification at https://joplin.cozic.net/#html-support says:

> Only the <br> tag is supported - it can be used to force a new line, which is convenient to insert new lines inside table cells. For security reasons, other HTML tags are not supported.

Why then does this
<div style="color:red" onclick="alert('test123'); document.location='https://developer.mozilla.org/en-US/docs/Web/API/Document/location';">foo</div>
display red text which, when clicked, opens a text box and then opens a new site?
If this is the change in https://github.com/laurent22/joplin/releases/tag/v1.0.104

> New: Allow HTML in Markdown documents in a secure way.

then this should probably be updated in the spec.
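The mismatch reported above, between the documented "<br> only" policy and what the renderer emits, can be pinned down with a regression check over rendered output. The following is an added example, not code from the issue or from Joplin; the helper names (`scanTags`, `parseAttrs`, `auditRenderedHtml`) are hypothetical, and it assumes the renderer's output is available as an HTML string.

```javascript
// Added example (hypothetical helper names); a test-time audit, not a sanitizer.
const ALLOWED_TAGS = new Set(['br']); // the policy quoted from the Joplin docs

// Collect opening tags, honouring quoted attribute values that may contain ">".
function scanTags(html) {
  const tags = [];
  let i = 0;
  while ((i = html.indexOf('<', i)) !== -1) {
    const m = /^<(\/?)([a-zA-Z][^\s\/>]*)/.exec(html.slice(i));
    if (!m) { i += 1; continue; } // a bare "<" in text, not a tag
    let j = i + m[0].length;
    let quote = null;
    for (; j < html.length; j++) {
      const c = html[j];
      if (quote) { if (c === quote) quote = null; }
      else if (c === '"' || c === "'") quote = c;
      else if (c === '>') break;
    }
    if (!m[1]) tags.push({ name: m[2].toLowerCase(), attrs: html.slice(i + m[0].length, j) });
    i = j + 1;
  }
  return tags;
}

// Split an attribute string into lower-cased names and their values.
function parseAttrs(attrText) {
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const attrs = [];
  let m;
  while ((m = re.exec(attrText)) !== null) {
    attrs.push({ name: m[1].toLowerCase(), value: m[2] ?? m[3] ?? m[4] ?? '' });
  }
  return attrs;
}

// Report every tag outside the allowlist and every on* event-handler attribute.
function auditRenderedHtml(html) {
  const findings = [];
  for (const tag of scanTags(html)) {
    if (!ALLOWED_TAGS.has(tag.name)) findings.push(`tag:${tag.name}`);
    for (const attr of parseAttrs(tag.attrs)) {
      if (attr.name.startsWith('on')) findings.push(`handler:${tag.name}.${attr.name}`);
    }
  }
  return findings;
}

// The markup quoted in the issue, used here as sample renderer output.
const SAMPLE = `<div style="color:red" onclick="alert('test123'); document.location='https://developer.mozilla.org/en-US/docs/Web/API/Document/location';">foo</div>`;
console.log(auditRenderedHtml(SAMPLE));
```

An empty result means the output honours the documented policy; entity-escaped text such as &lt;br&gt; contains no tags and is never flagged.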
