Closed BenRacicot closed 4 months ago
In HTML, the code
element formats things like code, but it does not mean you don't have to escape characters like <
and &
and >
correctly. You can do so using the normal HTML escapes e.g. <
&
and >
. You can see this if you make an HTML page with a code
element and put some additional HTML code inside it. The elements are interpreted normally by the browser, even when inside code
.
BTW if you want line breaks to be treated as such you probably want the "pre" element instead. Same catch applies though, you must escape punctuation that has special meaning in HTML.
On Wed, Feb 21, 2024 at 8:19 AM Ben Racicot @.***> wrote:
If you're unsure how to proceed with a problem and are not sure if it is a bug, please provide some information so we can help you. You can also use the Apostrophe Discord chat https://chat.apostrophecms.com/ and Github Discussions https://github.com/apostrophecms/apostrophe/discussions/ to ask questions as well. Question or comment
Please include as much detail as possible so we can help more quickly.
- What are you trying to do? I'm trying to allow code snippets through sanitization.
- What have you already tried? Implemented sanitize-html and read the docs (might be missing something)
Details
sanitize-html is wokring great in my project, however after implementing my rich-text-editor and allowing users to add code snippets obviously they are removed once I sanitize the content.
Is there a way to allow any code tag only within
...
?— Reply to this email directly, view it on GitHub https://github.com/apostrophecms/sanitize-html/issues/649, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAH27M34RFA7UQAC7ZQQ2LYUXX7FAVCNFSM6AAAAABDTBJUCCVHI2DSMVQWIX3LMV43ASLTON2WKOZSGE2DMNZUGE4DIOA . You are receiving this because you are subscribed to this thread.Message ID: @.***>
--
THOMAS BOUTELL | CHIEF TECHNOLOGY OFFICER APOSTROPHECMS | apostrophecms.com | he/him/his
Ah escape first! Brilliant advice, thank you so much.
If you're unsure how to proceed with a problem and are not sure if it is a bug, please provide some information so we can help you. You can also use the Apostrophe Discord chat and Github Discussions to ask questions as well.
Question or comment
Please include as much detail as possible so we can help more quickly.
Details
sanitize-html is wokring great in my project, however after implementing my rich-text-editor and allowing users to add code snippets obviously they are removed once I sanitize the content.
Is there a way to allow any code tag only within
<code> ... </code>
?