html links in keymap description can lead Agent astray

[mhantsch]

Add some funky html in the keymap description:

See that it looks awesome:

Click on the github link, and watch Agent turn into a new web page:

No way to get back to Agent 😏 You have to close the window and restart Agent.

You could filter out all html content, but it's kind of nice that I can do tables and bold emphasis etc...

[mhantsch]

And yes, of course I can add target="_blank" to the link and it will open in a new window and leave Agent intact.

[mondalaci]

Thanks for the report! From a security standpoint, I think Agent should escape all HTML.

[mhantsch]

From a security standpoint, I think Agent should escape all HTML.

There goes my table... 😔😉

Unfortunately, I agree to the security reasoning.

[ert78gb]

The #2352 PR sanitize the full HTML content but I maybe would better UX to define which HTML elements are allowed and open URLs in the external browser. But do it in other issue if there is user need.

[mondalaci]

Let's allow the use of newlines instead of converting them to <br>

[mhantsch]

snif

Can confirm this is now working as intended. Table, emphasis and links are now gone.