markdown: Sanitize HTML #1615
-
|
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
Hello, at Markor it is wanted/expected behaviour. Specifically, there are even options to globally inject any custom javascript and css. And..I know users do add custom js and css to some files, so the logic/style only applies specifically to these files in addition to globals. By the way, theres more than just Markdown at Markor, you can also open normal .html files just fine "as is".
As you say, Most, but not all. It is especially bad to see that most sanitizers also break non-malicious things. One painful recent example - wanted to use NextCloud PicoCMS - and many of the things don't work. Simple things. Like displaying small webp favicon icon inline. If you are not happy about that, Markor might be not what you look for. Don't really want to limit users in what they can do. |
Beta Was this translation helpful? Give feedback.
-
|
Making the option toggleable is not limiting users at all. |
Beta Was this translation helpful? Give feedback.
-
|
feel free to spend time on it and develop it. If you add it, should be opt-in. |
Beta Was this translation helpful? Give feedback.
Hello,
at Markor it is wanted/expected behaviour. Specifically, there are even options to globally inject any custom javascript and css. And..I know users do add custom js and css to some files, so the logic/style only applies specifically to these files in addition to globals. By the way, theres more than just Markdown at Markor, you can also open normal .html files just fine "as is".
As you say, Most, but not all. It is especially bad to see that most sanitizers also break non-malicious things. One painful recent example - wanted to use NextCloud PicoCMS - and many of the things don't work. Simple things. Like displaying small webp favicon icon inline.
If you are…