HTML lost in WYSIWYG mode #30
Labels
Comments
|
Yes putting html in MD is valid. But currently we have some rules sanitizing html tag except something like Thanks for the issue :) |
|
@kyuwoo-choi sorry if this is the wrong place to ask, but are these sanitizing rules documented somewhere? We are looking to use tui to update news on our website and are quite interested in knowing how html tags are treated, mainly in terms of vulnerabilities.. |
|
@ViggoV Not at all. Any questions are welcome. I think the rules are a bit defensive because we did not have enough time to make it fine grind. |
|
In addition to the rules, we should consider the way html2md, md2html and how to treat the tags while editing tags in WYSIWYG mode. |
|
Thanks! I can't help but notice that you strip |
|
@ViggoV Nothing I remember. I think I will investigate the commits. Thanks! |
|
Hello Same question and didn't find how to deal with it. Can somebody help please ? I try to edit a file like, f.i., # TOC
<div>TEST</div>The editor has removed the HTML tag so display : # TOC
TESTIf I save that content, I'll lose my original content. My problem : I'm using span, div, img and also my own tag called "" and I wish to be able to keep them in the editor. Note : I didn't see any difference by setting var editor = new tui.Editor({
...
"useDefaultHTMLSanitizer": false
...
});Thank you! |
|
Hi all, I've write a workaround to bypass my problem. In my HTML content, I've escape tags : my #sourceMarkDown DOM element contains thus somethink like <encrypt>MyPassword</encrypt>In JS, I've : var editor = new tui.Editor({
"el": document.querySelector('#editorMarkDown'),
"useDefaultHTMLSanitizer": false,
"events": {
"load": fnPluginEditLoaded
}
});(not sure that The fnPluginEditLoaded() function looks like this : function fnPluginEditLoaded(editor) {
var $MD = $('#sourceMarkDown').text();
$MD = $MD
.replace(/</g,'<')
.replace(/>/g,'>')
.replace(/&/g,'&');
editor.setValue($MD);
return true;
}Not sure that it's the best way to achieve it but, ok, now, I can continue my migration. Markdown files that have HTML tags in their content can be edited through tui.editor. Thanks for this amazing tool (y) |
|
This issue is old and will be closed. If there is an issue again, please register as a new issue. |
seonim-ryu
pushed a commit
that referenced
this issue
Jan 2, 2020
seonim-ryu
pushed a commit
that referenced
this issue
Feb 5, 2020
seonim-ryu
added a commit
that referenced
this issue
Feb 5, 2020
fix: change logic to escape emphasis characters (fix #30)
seonim-ryu
pushed a commit
that referenced
this issue
Feb 5, 2020
seonim-ryu
added a commit
that referenced
this issue
Feb 5, 2020
fix: change logic to escape emphasis characters (fix #30)
seonim-ryu
added a commit
that referenced
this issue
Feb 6, 2020
* Release v1.8.13 * Fix documentation error * Update built version from latest source * Release v1.8.14 * Make createRange method public * Parse url and create anchor with queryparams * Build lib * Simplify regex for matching link query params * Make check for link protocol case-insensitive Resolves #308. * Allow class names to be configured * Add config.willCutCopy option Is an optional function that transforms the HTML being cut/copied before placing it on the clipboard. * Make TreeWalker filter argument optional * Make shift-enter always just add <br> * Add support for <pre>/<code> formatting * Convert adjacent space to nbsp when extracting range This resolves the issue where if you selected a word and then typed to replace it, the following space would be deleted as well. Fixes #331 * Escape <a> on space even if in nested tags Fixes #326 * Make detect-link regular expression customisable Resolves #313 * Update readme * Fix Kana-Kanji input on Mac Safari Resolves #332 * Release v1.9.0 * fix: event.key does not supported IE * Revert "Preserve block style if pasting on blank line" This reverts commit 50fb7c7c53ccb9b9fe03866ac02416d4a6989e66. * fix: merge td or tr when merge block and container (#1) * fix: blocking when merge td with div In tui.editor, when div is inserted using TextObject in the table, TD is merge div. So should allow td merge other tags. * fix: remove tag when pasting heading, list, blockquote (#2) * fix: HR is set to inline element HR is block element so HR is removed in inlineNodeNames and inserted in allowedBlock. * fix: fixcursor insert br into hr * enhance: handle element that has contenteditable as falase (close: #7) (#8) * Revert "enhance: handle element that has contenteditable as falase (close: #7) (#8)" This reverts commit f164d13a40b6d2f1a664f3c941f94ed48451755d. * fix: backspace/delete key remove contenteditable false block (fix: #7) * fix: merge div that has contenteditable false (fix: #7) * fix: focus() moves scroll position (fix: #1) * fix: the <img /> tag is not considered when checking line breaks (fix #2) (#3) * fix: setActive error, revert notWSTextNode fix: setActive error, revert notWSTextNode * fix: line break works correctly between <br> to <img> (fix #2) (#5) * feat: add allowedBlocks option (close #6) (#7) * Revert "feat: add allowedBlocks option (close #6) (#7)" (#8) This reverts commit 154bd6a0c0707f46f2a2435d8886a9068b3930c3. * feat: add allowedBlocks option (close #6) (#9) * feat: add allowedBlocks option (close #6) * feat: make build file * 환경셋팅 저장 * change bower, package informations * donRunner첫작업 완료 resolve #2 * 룰 적용 구조 작업 resolve #3 * 정리 * fixed render comma rule bug * add getNodeText to domRunner * basicRender Heading resolve #4 * 개행 프로세스 추가, css스타일의 셀렉터 필터 추가 resolve #6, #5 * 베이직 렌더러 - 링크 resolve #8 * 베이직 렌더러 - 이미지 resolve #7 * add list converter to renderer resolve #9 * 디펜던시 모듈들 업데이트 * change rule apply code * nested li resolve #12 * separate test case for toMark, strong converter added resolve #15 * code converter resolve #13 * li-heading convert inline html * add horizontal rule converter to renderer resolve #11 * add blockquote converter to renderer resolve #10 * code block converter resolve #14 * entry point filename change * build test and create demo test page resolve #16 * string trim resolve #17 * stop track rule over html root, and some fixed #21 * renderer getConverter refactor resolved #23 * added trimming process to toDom #19 * markdown backslash escapes resolve #24 * 화이트 스페이스에 대한 처리 resolve #19 * Convert with dom node resolve #25 * dom demo page resolve #26 * ol li number increase for li count resolve #27 * etc * add jsdoc resolve #31 * some fixed * some fixed: * refactor regex codes * refactor regex codes 2 * apply code review resolve #33 * text node in code tag not escape resolve #34 * gfm code block resolve #30 * if rule converter returns falsy renderer.converter returns empty string resolve #36 * gfm checkbox resolve #28 * gfm table resolve #29 * gfm del resolve #37 * some fixed * some fixed * add options * edit json files * add some table related code and edit demo html file * fixed problem in firefox * some fix after ie test, some code refactor * some code fixed * some demo code fixed * table header text fixed #46 * added space related codes resolve #51 * fixed p tags resolved #43 * b, s tag support resolve #48 * fix some tc * amd considered entry point * change p tag converter * change connect port to 8081 * change p tag converter resolve #54 * some convertors returns fixed, non-standard tag converter fixed * renderer.getSpaceControlled for non-standard inline tag * collapse duplicated returns made by <br /> and block element fixed #57 * remove div converter * some code fixed related <br> and return * some fixed * empty list resolve #58 * fixed gfm input code resolve #60 * some code fixed * ready to bower * v0.5.0 * some fixed from finalize code * dist * add code for empty inline element resolve #62 * build * some fixed #62 * build * some code fixed empty inline element related #62 * some code fixed * p in p is not valid html * fix empty p tag * add testcase about empty p tag * build * some tc added, gfm br added * build * fix gfm br * build * process br in end of li * add some tc * build * code fixed related p in li * build process added, prepare bower publish * change bower.json * bower fixed * escape text only contain markdown syntax resolve #63 * build * finalize multiple empty line fixed #67 * empty list render fixed #65 * empty list render2 fixed #65 * build * multiple block in p related #67 * build * some code fixed related remove returns * build * enhance about return resolve #69, resolve #68 * finalize refactoring resolve #72 * remove unused codes * build * blockquote multiple br convert to one br * build * some code fixed * build * all backticks need escape resolve #74 * apply diferent syntax on strong and em resolve #64 * build * control gfm block returns resolved #76 * build * return outerHTML if there is no converter and ie7,8 tc enhance fixed #77, #78 * resolve some tc problem about pre-code in ie78 fixed #79 * build * inline html should meged with subcontent resolve #80 * build * remove td, th when they have not text content * link enhanced about how to get href fixed #82 * build 0.0.1 * version 0.0.1 * dont remove empty td or th resolved #83 * inline tags need get space control with siblings resolved #84 * some code fixed * build 0.0.2 * preseve reurns in code block * build * release version 0.0.3 * escape markdown blockquote resolved #85 * tc fixed for cross browser test resolved #86 * build 0.0.4 * Apply inputless task resolved #90 * Add characters that should be escaped resolved #89, #88 * Should render link title attribute correctly fixed #87 * Enhance cross-browsing * Update 0.0.5 * Update bower.json, package.json * Enhance P in Lists fixed #92 * Package update & apply webpack fixed #92 * Update 0.0.6 * Add `-+` into list regexp fixes #98 * Modify _isNeedEscape() regexp related #98 * Merge pull request #97 from sungho-kim/vertical-bar-escape Add vertical bar regexp for escape fixes #96 * Update 0.0.7 * Rebuild 0.0.7 * Fix T/C fail * Merge pull request #100 from sungho-kim/task-convert Empty task converting without text content * Update 0.0.8 * Merge pull request #102 from junghwan-park/img-attr-path2 Preserve IMG element's relative path URI fixes #103 * Update 0.0.9 * Merge pull request #104 from sungho-kim/tomark-pass Convert method returns plain HTML on specific attribute * Update to 0.0.10 * feat: Renderer, basicRenderer and gfmRenderer are publicly available * fix: Fix change for anchor href * fix(escape): escape html in text node #2 * fix: escape 3-tildes code block * chore: version update to 0.0.13 * Merge pull request #4 from nhnent/hotfix/normalize_text_node normalize text nodes * version up date to 0.0.14 * fix: wrong childNodes length on tracker #5 * chore: add karma saucelab * chore: remove dist files * chore: version update to 0.0.16-pre * Merge branch 'hotfix/root_children_text_normalize_for_ie' * chore: karma config update run TC on safari & edge * chore: version update to 0.0.17-pre * feat: print number of backticks by 'data-backticks' attr (#7) * feat: print number of backticks by 'data-backticks' attr * refactor: apply code review (refs #7) * chore: version update to 0.0.17 * fix: wrong inline text conversion ,;:$&+= (fix #9) * chore: version update to 0.0.18 * chore: karma webdriver launcher change * chore: update ne, sl, local karma setting * chore: add npm dev command * feat: add npm support * chore: version update to 0.0.19 * chore: ready to publish on npm * chore: rename toMark to to-mark according to npm naming policy (ref #10) * feat: rename toMark to to-mark according to npm naming policy - change copyright - update webpack as to-mark can not be a namespace(toMark) * chore: karma version update to 2 * feat: code block with data-backticks property (close: #11, #12) * chore: version update to 1.1.0 * fix: breaking link, image markdown with [,(,< (close #14) (#15) * fix: breaking link, image markdown with [,(,< (close #14) * refactor: apply code review (ref #15) * chore: update dependencies * chore: version update to 1.1.1 * fix: newline in table breaks syntax (close #16)(#17) * chore: version update to 1.1.2 * fix: escape html + md syntax mixed text (close #19) (#20) * chore: version update to 1.1.3 * fix: underscore(_) is not allowed inside words * fix: test case about emphasis change from _ to * * chore: version update to 1.1.4 * fix: check strong, em, strike syntax (close: #23) * chore: version update to 1.1.5 * fix: list can contain heading (fix #25) (#26) * fix: list can contain heading (fix #25) * refactor: reflect code review * chore: version update to 1.1.6 * fix: backslash as text is removed * fix: not handle start attribute of OL * Merge pull request #31 from nhn/fix/escape-all-emphasis-characters fix: change logic to escape emphasis characters (fix #30) * chore: update config files for test (close #32) (#33) * feat: escape backticks (fix #34) (#35) * fix: convert child element of data-tomark-pass (#39) * fix: prevent image inside link from being escaped (#40) * fix: prevent image inside link from being escaped * refactor: remove unnecessary null comparision * fix: regexp test state reset (#41) * chore: update version to v1.1.8 * fix: escape emphasis characters twice (fix #42) (#43) * chore: update version to v1.1.9 Co-authored-by: Neil Jenkins <neil@nmjenkins.com> Co-authored-by: dhoko <dhoko@users.noreply.github.com> Co-authored-by: 이소희 <42666492+sohee-lee7@users.noreply.github.com> Co-authored-by: 김동우 <dongwoo.kim@nhnent.com> Co-authored-by: Sungho Kim <shirenbeat@gmail.com> Co-authored-by: 박정환 <junghwan-park@users.noreply.github.com> Co-authored-by: 강지웅 <trkang79@gmail.com> Co-authored-by: KyuWoo Choi <kyuwoo.choi@gmail.com>
js87zz
pushed a commit
that referenced
this issue
Jun 17, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
I've been looking for a solid WYSIWYG markdown editor for some time, and Toast looks very promising! I've just been testing with the demo and noticed an issue with HTML in markdown. As you know putting HTML code in markdown is perfectly valid, and often is the only way to achieve something beyond the capabilities of markdown (adding a class or id for example). in the
Markdownmode, things look ok:and renders in the preview fine (even with
class="html"intact):However, switching to
WYSIWYGmode and back toMarkdowncauses a loss of the HTML:It would be great (and much safer for users) if this could be maintained between modes.
The text was updated successfully, but these errors were encountered: