bottlebug opened this issue 5 years ago (status: Open)
hi @bottlebug , thank you for opening the issue.
Currently, looking in the master branch:
I've noticed a few inconsistencies in our code:
the markdown preview in UtilsApiController.renderCommonmark does an explicit escape of the HTML with:
MustacheCustomTag.renderToCommonmark(StringEscapeUtils.escapeHtml4(input))
But in the other parts of the code it's not applied, so you can inline raw HTML.
Then on the front end, the "style" attribute (and I guess other attributes too) is trimmed out, so you cannot resize it as you want.
I'll try to fix it in the M2 release.
Edit: letting the user add an inline style may be too dangerous, especially in a shared context.
This will require more time to evaluate a good and secure solution.
I think that the best solution will be to let the user define a custom css for the event and then he can use the class attribute to customize the raw inline html as it's not filtered by angular.
Note: you can already use some already defined classes (talking about the master branch)
Looking at the code, in terms of security, we have decided that it's better to always escape the raw HTML.
We will add the possibility to attach a custom css for the event, so you will be able to customize the whole page (markdown description included).
For the M2 release, the images (as defined at https://commonmark.org/help/tutorial/08-images.html) will have a max-width of 100% by default.
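The escape-then-render order described above, as an added illustration that is not alf.io's own code: a tiny stand-in for the Commonmark image rule is run only after the input has been HTML-escaped, so a Markdown image still becomes an `<img>` (sized by a stylesheet class, not by an inline style), while any raw inline HTML the user types survives only as literal text. The `escapeHtml4`, `renderImages` and `renderDescription` functions and the `event-image` class are assumptions made for this example.

```javascript
// Added example, not alf.io code. Mirrors the maintainer's approach:
// escape the raw HTML first, then run the markdown conversion on the
// escaped text, and leave sizing to CSS instead of inline style attributes.

// Minimal equivalent of StringEscapeUtils.escapeHtml4 for the characters
// that matter when the output is placed into HTML.
function escapeHtml4(s) {
  return s.replace(/&/g, "&amp;")
          .replace(/</g, "&lt;")
          .replace(/>/g, "&gt;")
          .replace(/"/g, "&quot;");
}

// Stand-in for the Commonmark image syntax ![alt](url). Because the input
// is already escaped, alt and src cannot contain < > or " and therefore
// cannot break out of the generated attributes.
function renderImages(md) {
  return md.replace(/!\[([^\]]*)\]\(([^)\s]+)\)/g,
    (_, alt, src) => `<img class="event-image" alt="${alt}" src="${src}">`);
}

// Order matters: escaping after the markdown pass would neutralise the
// generated <img> tags too; escaping before it neutralises only user HTML.
function renderDescription(input) {
  return renderImages(escapeHtml4(input));
}

// Event-level stylesheet does the resizing (the M2 default of max-width: 100%).
const EVENT_CSS = ".event-image { max-width: 100%; height: auto; }";

// Constructed sample inputs.
const markdownImage = "![logo](https://example.org/logo.png)";
const rawHtmlImage =
  '<img src="https://example.org/logo.png" style="width:3000px">';

console.log(renderDescription(markdownImage)); // real <img> with the CSS class
console.log(renderDescription(rawHtmlImage));  // escaped text, no element created
```

The second output starts with `&lt;img`, so the browser shows the tag as text rather than creating an element with the user-supplied style.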
The event description's Markdown doesn't seem to accept any raw inline html for images.
This would be very helpful in resizing images which don't fit the screen width.