Allow code snippets

Question

Allow code snippets

BenRacicot opened this issue 4 months ago · comments

If you're unsure how to proceed with a problem and are not sure if it is a bug, please provide some information so we can help you. You can also use the Apostrophe Discord chat and Github Discussions to ask questions as well.

Question or comment

Please include as much detail as possible so we can help more quickly.

What are you trying to do?
I'm trying to allow code snippets through sanitization.
What have you already tried?
Implemented sanitize-html and read the docs (might be missing something)

Details

sanitize-html is wokring great in my project, however after implementing my rich-text-editor and allowing users to add code snippets obviously they are removed once I sanitize the content.

Is there a way to allow any code tag only within <code> ... </code>?

Tom Boutell · Answer 1 · Thu Feb 22 2024 22:19:53 GMT+0800 (China Standard Time)

In HTML, the code element formats things like code, but it does not mean you don't have to escape characters like < and & and > correctly. You can do so using the normal HTML escapes e.g. < & and >. You can see this if you make an HTML page with a code element and put some additional HTML code inside it. The elements are interpreted normally by the browser, even when inside code.

Tom Boutell · Answer 2 · Thu Feb 22 2024 22:20:59 GMT+0800 (China Standard Time)

BTW if you want line breaks to be treated as such you probably want the "pre" element instead. Same catch applies though, you must escape punctuation that has special meaning in HTML.

…

On Wed, Feb 21, 2024 at 8:19 AM Ben Racicot ***@***.***> wrote: If you're unsure how to proceed with a problem and are not sure if it is a bug, please provide some information so we can help you. You can also use the Apostrophe Discord chat <https://chat.apostrophecms.com/> and Github Discussions <https://github.com/apostrophecms/apostrophe/discussions/> to ask questions as well. Question or comment Please include as much detail as possible so we can help more quickly. - What are you trying to do? I'm trying to allow code snippets through sanitization. - What have you already tried? Implemented sanitize-html and read the docs (might be missing something) Details sanitize-html is wokring great in my project, however after implementing my rich-text-editor and allowing users to add code snippets obviously they are removed once I sanitize the content. Is there a way to allow any code tag only within <code> ... </code>? — Reply to this email directly, view it on GitHub <#649>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAH27M34RFA7UQAC7ZQQ2LYUXX7FAVCNFSM6AAAAABDTBJUCCVHI2DSMVQWIX3LMV43ASLTON2WKOZSGE2DMNZUGE4DIOA> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

-- THOMAS BOUTELL | CHIEF TECHNOLOGY OFFICER APOSTROPHECMS | apostrophecms.com | he/him/his

Ben Racicot · Answer 3 · Thu Feb 22 2024 23:05:26 GMT+0800 (China Standard Time)

Ah escape first! Brilliant advice, thank you so much.