Kyoso-Team / kyoso

A web application that takes osu! tournaments beyond spreadsheets.
http://kyoso.sh
GNU Affero General Public License v3.0

Improved rules page #12

Closed Entropy-10 closed 10 months ago

Entropy-10 commented 10 months ago

This PR implements improvements to the previous rules page markdown editor. The main two issues the PR achieves are added XSS attack prevention and quick formatting tools for less tech-savvy users.

With the XSS implementation, all unwanted scripts or attempts at execution of JavaScript code are eliminated. Currently it is set up so that, both before being rendered to preview and before being sent to the database, the user's raw markdown is cleaned of malicious HTML. This does mean the database is now storing HTML and not markdown, so when the user wants to edit their rules it will appear in HTML. This is something that will probably have to change so the clean HTML is converted back into markdown. Finally, since the cleaning of the user's raw markdown is done through an API call, I have added proper handling of loading and error states in case of an API error.

For the formatting tools, I have added what I think are the basic and most used markdown formats. They support insert at your cursor or around your selection. For images and links there is a modal that takes the link and then inserts it with the correct formatting.

Finally, I fixed a few small bugs. Most notably, if you had no rules set in the database, when previewing you could click the undo changes button. This would cause the buttons to disable, preventing you from entering the edit mode, which meant you needed to reload the page.

Any feedback on improvements or fixes is much appreciated!

https://www.youtube.com/watch?v=ZiE0xtbPpDI
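
The trade-off described in the PR (the database ends up holding HTML, so editing shows HTML) can be avoided by storing the raw markdown and making the output safe at render time. The block below is an added example, not code from this PR or the kyoso code base; all function names are hypothetical, it handles only bold, italic, links and images, and it assumes relative link targets should not be linked.

```javascript
// Added example: all names here are hypothetical, not from the kyoso code base.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Turn every HTML-significant character into an entity so typed markup is inert.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Return the normalised URL only for absolute http(s) targets, otherwise null.
function safeUrl(raw) {
  try {
    const url = new URL(raw);
    return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
  } catch {
    return null; // relative or malformed target
  }
}

// Escape first, then add only the tags this renderer itself generates.
function formatText(raw) {
  return escapeHtml(raw)
    .replace(/\*\*(.+?)\*\*/g, '<strong>$1</strong>')
    .replace(/\*(.+?)\*/g, '<em>$1</em>');
}

// Links and images are matched on the raw text so the URL is checked unescaped.
function renderInline(raw) {
  const linkRe = /(!?)\[([^\]]*)\]\(([^)\s]+)\)/g;
  let out = '';
  let last = 0;
  for (const m of raw.matchAll(linkRe)) {
    const [whole, bang, label, target] = m;
    const url = safeUrl(target);
    out += formatText(raw.slice(last, m.index));
    if (url === null) out += formatText(whole); // rejected target stays plain text
    else if (bang) out += `<img src="${escapeHtml(url)}" alt="${escapeHtml(label)}">`;
    else out += `<a href="${escapeHtml(url)}" rel="noopener noreferrer nofollow">${formatText(label)}</a>`;
    last = m.index + whole.length;
  }
  return out + formatText(raw.slice(last));
}

// Call on the markdown read back from storage, for both preview and display.
function renderRules(markdown) {
  return markdown.replace(/\r\n/g, '\n').split(/\n{2,}/)
    .map((para) => `<p>${renderInline(para)}</p>`).join('\n');
}
```

Because the stored value stays markdown, the editor can load it back unchanged, and the same `renderRules` call serves both the preview and the public rules page.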