[#1624] Escape html of product content field #718
Conversation
pi-sigma
force-pushed
the
fix/1624-html-escape
branch
from
67abb3a
to
bc83c2a
Compare
Codecov Report
@@ Coverage Diff @@
## develop #718 +/- ##
===========================================
+ Coverage 96.20% 96.30% +0.09%
===========================================
Files 642 683 +41
Lines 22933 24202 +1269
===========================================
+ Hits 22063 23308 +1245
- Misses 870 894 +24
... and 70 files with indirect coverage changes 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
Bartvaderkin
changed the title
|
The double slashes come from CKeditor or its markdown plugin trying to a some sort of html escape by putting double backslash in front of the angle bracket. If I use the same javascript libraries to render the string it does escape the html-tags, so this feels like a marked/gfmarkdown thing. But I cannot find where this happens. So I appended a commit with a slightly different approach to clean this up: we undo the weird escape and then strip_tags. |
|
@Bartvaderkin please doublecheck your solution together with the ckeditor-table option. I've checked on production where I could find HTML-tags, and noticed that this was the case with 4 products on MG: https://mijn.groningen.nl/onderwerpen/producten/bijstand-voor-tweedehands-computer-aanvragen/ If we strip tags I'd prefer not to remove (from the editor) valid content. I now also suspect that these tables are the reason why HTML-content is allowed... |
|
@alex I updated this PR: we no longer do html escape or strip tags, and only remove the weird slashes at render time as they are needed to be able to edit the html again (I guess the slashes are escaping html in ckeditor). |
Bartvaderkin
force-pushed
the
fix/1624-html-escape
branch
from
c945db9
to
81939e9
Compare
Taiga: #1624